On Tue, Mar 22, 2005 at 02:37:14PM +1100, [EMAIL PROTECTED] wrote: > > Could the settings > >>> Severity: critical > >>> Justification: root security hole > >>> please be re-instated on this bug? In some common scenarios, current > >>> arrangements allow root access. > >> > >> Could this be done, please, while we discuss (argue?) resolution? > > > > No, I think that would be far overstating the facts. > > Are you sure there are no security issues, and absolutely sure there are no > root security holes, lurking in there? > > I am tempted to publicize the issue on the BugTraq and FullDisclosure > mailing lists. Maybe I am wrong, and will suffer the humiliation of being > laughed at; or maybe I am right ... > > (I know Matt thinks bugs.debian is public already, but it is quite obscure; > so the general public, Debian users, and other Linux/UNIX maintainers may > still be in the dark.)
I've already stated my position on the bug, and I think that this use of the staff group should be avoided. The fact, though, is that this is a privilege escalation from the (documented, but essentially unused) 'staff' group to root. Similar escalations exist commonly in other systems via, e.g., the 'bin' user/group which owns binaries in the default PATH. The "kmem" group also leads trivially to root. But unless the system administrator takes it upon themselves to give these privileges away, there is no realistic attack vector, and no justification for alarm. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
