Package: devscripts Version: 2.12.6 Severity: normal Tags: security Hi,
I was informed that cowpoke might be running Lintian with higher privileges than normal. As we are considering to able "user" checks by default, cowpoke should be audited to avoid any ill side-effects. As I understand the setup, cowpoke will send a build task to a remote server (via SSH). The server will then build the package as root and after that as "$BUILDD_USER" run lintian. $BUILDD_USER could be a shared account (between multiple users) or even "root" on the server. >From what I can tell, there is "probably not an issue here". The client can already now send the server an arbitrary shell script and runs it as the BUILDD_USER if they can use cowpoke[1]. So the clients have to be trusted with (effective) shell access. To exploit the user checks in Lintian, the client would have to be able to write to the BUILDD_USER's $HOME on the server (or choose the contents of the XDG_DATA_* variables, in which can any directory will do)[2]. If you agree with my assertion, lets just close this as "not a problem". ~Niels [1] There is no way to automatically audit the script received from the client is from actually cowpoke (and much less that it does). [2] Technically, /etc/lintian is a possible location as well, but if the client has write access there, Lintian will probably still be the least of your worries. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
