Bug#407678: boinc-client: /etc/boinc-client files should be 640 root:boinc (passwd leakage)

Thibaut VARENE varenet at debian.org
Tue Jan 23 12:12:07 CET 2007


Hi Steffen,

I don't see how a group of users should have a need for editing these
4 files. The daemon shouldn't be able to write its own config files
(at least not those in /etc/boinc-client, these are not modifiable by
any RPC config option of the daemon, afaik, and they contain
security-related information such as allowed remote hosts and passwd,
as well as global prefs override).

As long as the "group of persons" that handle boinc have the boinc
passwd, they don't need to edit these files :)

FWIW, I've built my own customised boinc-client package for deployment
over a large number of computers with these perms, and it works just
fine. People in charge of handling the boinc daemon can tune the
preferences/projects through a Boinc Account Manager on the web, and
no local user can mess with the boinc installation.

So, I really think 640 is the right thing, but heh, you're the maintainer :)

HTH

T-Bone

On 1/20/07, Steffen Moeller <moeller at inb.uni-luebeck.de> wrote:
> Hi Thibaut,
>
> you made a good point from how I see it. I could imagine a group of users that
> is assigned to the boinc group for editing the files. Should the permission
> then not rather be 660 ?
>
> Many greetings
>
> Steffen (who has collected 490 credits since you pointed him to boincsimap)
>
> On Saturday 20 January 2007 13:28, Thibaut VARENE wrote:
> > Package: boinc-client
> > Version: 5.4.11-4
> > Severity: normal
> >
> > boinc-client default install sets the following modes on
> > /etc/boinc-client/gui_rpc_auth.cfg:
> > -rw-r--r-- 1 boinc boinc   8 Jan 14 01:01 gui_rpc_auth.cfg
> >
> > By default it doesn't contain any password, but if an admin adds one
> > without checking the permissions, this password will be available to any
> > user on the system (allowing them to control the boinc daemon, and
> > potentially detach/attach projects, etc).
> >
> > Also, given the owner of this file is user 'boinc', the boinc daemon
> > itself could overwrite the contents of this file. An attacker finding a
> > programming flaw in the software could take advantage of this as well.
> >
> > This also applies to a lesser extent to the other files in the
> > /etc/boinc-client directory.
> >
> > Thus, it seems to me that the files in the /etc/boinc-client directory
> > should be 640 root:boinc instead of 644 boinc:boinc
> >
> > HTH
> >
> > T-Bone
> >
> > -- System Information:
> > Debian Release: 4.0
> >   APT prefers testing
> >   APT policy: (500, 'testing')
> > Architecture: powerpc (ppc)
> > Shell:  /bin/sh linked to /bin/bash
> > Kernel: Linux 2.6.19-ck2
> > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> >
> > Versions of packages boinc-client depends on:
> > ii  adduser  3.101                           Add and remove users and groups
> > ii  debconf  1.5.11                          Debian configuration management sy
> > ii  libc6    2.3.6.ds1-8                     GNU C Library: Shared libraries
> > ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description library
> > ii  libcurl3 7.15.5-1                        Multi-protocol file transfer libra
> > ii  libgcc1  1:4.1.1-19                      GCC support library
> > ii  libidn11 0.6.5-1                         GNU libidn library, implementation
> > ii  libkrb53 1.4.4-6                         MIT Kerberos runtime libraries
> > ii  libssl0. 0.9.8c-4                        SSL shared libraries
> > ii  libstdc+ 4.1.1-19                        The GNU Standard C++ Library v3
> > ii  lsb-base 3.1-22                          Linux Standard Base 3.1 init scrip
> > ii  python   2.4.4-2                         An interactive high-level object-o
> > ii  zlib1g   1:1.2.3-13                      compression library - runtime
> >
> > boinc-client recommends no packages.
> >
> > -- debconf information excluded
>
> --
>
> Dr. Steffen Möller
> University of Lübeck
> Institute of Neuro- and Bioinformatics
> Ratzeburger Allee 160
> 23538 Lübeck
> Germany
> T: +49 451 500 5504
> F: +49 451 500 5502
> moeller at inb.uni-luebeck.de
>
>
>


-- 
Thibaut VARENE
http://www.parisc-linux.org/~varenet/
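
As an added example (not part of the original thread or of the Debian package), a POSIX shell check of a config directory against the 640 root:boinc policy discussed above, flagging both the packaged 644 default and the 660 variant. The function names, the example_*.cfg file names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a config directory against a "640 OWNER:GROUP" policy.
# Uses only POSIX find(1) primaries, so it needs no stat(1) dialect.

# audit_conf_dir DIR OWNER GROUP
# Prints "reason: path" for each finding; returns 1 if anything was found.
audit_conf_dir() {
    dir=$1 owner=$2 group=$3
    findings=$(
        {
            # Any "other" bit set: every local user can read the RPC password.
            find "$dir" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/world-accessible: /'
            # Group write (the 660 variant): group members can rewrite the config.
            find "$dir" -type f -perm -020 -print | sed 's/^/group-writable: /'
            # Unexpected owner, e.g. the daemon account owning its own config.
            find "$dir" -type f ! -user "$owner" -print | sed 's/^/wrong-owner: /'
            find "$dir" -type f ! -group "$group" -print | sed 's/^/wrong-group: /'
        } | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree standing in for /etc/boinc-client (not real data).
# Only gui_rpc_auth.cfg is a name from the report; example_*.cfg are made up.
make_sample_dir() {
    d=$(mktemp -d)
    for f in gui_rpc_auth.cfg example_660.cfg example_640.cfg; do
        : > "$d/$f"
    done
    chmod 644 "$d/gui_rpc_auth.cfg"   # packaged default described in the report
    chmod 660 "$d/example_660.cfg"    # the 660 alternative raised in the reply
    chmod 640 "$d/example_640.cfg"    # the proposed mode
    printf '%s\n' "$d"
}

# Demo on the sample tree, using the current uid/gid as the expected owner.
# On a real host the call would be: audit_conf_dir /etc/boinc-client root boinc
sample=$(make_sample_dir)
audit_conf_dir "$sample" "$(id -u)" "$(id -g)" || echo "policy violations found"
rm -rf "$sample"
```
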



