On Mon, Dec 12, 2005 at 02:54:44PM +0100, Tollef Fog Heen wrote:
> * Justin Pryzby 
> 
> | Have you given any thought to this bug?  It seems like it would be
> | easy and desirable to avoid running wget as root.  Indeed, *two* of
> | the outstanding RC bugs in the months leading up to the etch release
> | were security problems with wget.
> 
> If so, I don't think I would want it to run as nobody, but rather
> having a special user created for this sole task, which seems rather
> overkill.  Else, any other process running as nobody could subvert the
> download and possibly make root run arbitrary code.
I don't suppose md5sums are available?  Does the file change
sufficiently often such that it's not reasonable to hardcode an MD5?

Though I'm not sure what the requirements are for this kind of user,
is there any problem adding a user, running wget as that user, and
then removing the user?

Ah, maybe this bug is moot anyway.  I seem to recall a thread on LKML
(or was it a debian bug log?) where it was pointed out that there is
no way to drop privileges in such a way that you can't get them back
with seteuid(getsuid()).  In which case, this bug lies in your hands,
since I can't think of a clean way to have it run as a user which
cannot regain privileges.

-- 
Clear skies,
Justin
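
The distinction this message turns on, shown as an added example that is not code from the thread or from any Debian package: a privileged process that lowers only its *effective* uid with seteuid() keeps a saved uid of 0 and can call seteuid(0) again, whereas setgroups()/setgid()/setuid() as root replace the real, effective and saved ids together, after which seteuid(0) is refused. The code assumes Linux/glibc (getresuid() and setgroups() are not portable) and uses uid/gid 65534 (Debian's "nobody") as the unprivileged target when run as root; run unprivileged, it falls back to the process's own ids so the same calls still execute.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed unprivileged identity when we start as root (uid/gid 65534 is
 * "nobody"/"nogroup" on Debian). A non-root process may only switch to its
 * own ids, so the choose_target_*() helpers fall back to those. */
#define UNPRIV_UID ((uid_t)65534)
#define UNPRIV_GID ((gid_t)65534)

uid_t choose_target_uid(void) { return geteuid() == 0 ? UNPRIV_UID : getuid(); }
gid_t choose_target_gid(void) { return geteuid() == 0 ? UNPRIV_GID : getgid(); }

/* Print real/effective/saved uid so the effect of each call is visible. */
static void show_ids(const char *label) {
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) == 0)
        printf("%-22s real=%u effective=%u saved=%u\n", label,
               (unsigned)r, (unsigned)e, (unsigned)s);
}

/* Try to get an effective uid of 0 back. Returns 1 if seteuid(0) succeeded
 * (the process is root again), 0 if the kernel refused (EPERM). */
int can_regain_root(void) {
    if (seteuid(0) == 0)
        return 1;
    return 0;
}

/* The reversible drop: seteuid() changes only the effective uid. The saved
 * uid stays 0, so seteuid(0) works afterwards. Returns 1 if root could be
 * regained (and is regained), 0 if not, -1 if the drop itself failed. */
int temporary_drop_allows_regain(uid_t uid) {
    if (seteuid(uid) != 0)
        return -1;
    show_ids("after seteuid()");
    int regain = can_regain_root();
    show_ids("after seteuid(0) try");
    return regain;
}

/* The irreversible drop. As root: clear supplementary groups first (they
 * are not touched by setgid/setuid), then setgid() and setuid(), which set
 * real, effective AND saved ids. Order matters: once setuid() has run we
 * no longer have the privilege to change groups. Returns 0 on success,
 * -1 on error, including the case where root is still regainable. */
int drop_privileges_permanently(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    show_ids("after setuid()");
    /* Belt and braces: refuse to continue if we could still become root. */
    if (can_regain_root()) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void) {
    uid_t uid = choose_target_uid();
    gid_t gid = choose_target_gid();

    show_ids("at start");
    printf("temporary drop (seteuid) allows regaining root: %d\n",
           temporary_drop_allows_regain(uid));

    if (drop_privileges_permanently(uid, gid) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("permanent drop (setuid) allows regaining root: %d\n",
           can_regain_root());
    return 0;
}
```

Run it once as root and once unprivileged: as root the first line reports 1 (seteuid() left a way back), the second 0 (setuid() did not); unprivileged both are 0, because there never was a saved uid 0. The same permanent sequence is what a maintainer script can do in a small helper before exec'ing wget, the part Justin's message says it cannot find a clean way to do.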

