[Pkg-deepin-devel] Bug#894772: RFS: deepin-system-monitor/1.4.3-1 [ITP]

Adam Borowski kilobyte at angband.pl
Sun Apr 8 19:55:59 UTC 2018


On Wed, Apr 04, 2018 at 01:00:30PM +0800, Yanhao Mo wrote:
> * Package name    : deepin-system-monitor
>   Version         : 1.4.3-1

>   deepin-system-monitor - System monitor for Deepin Desktop Environment

Hi!
As for the packaging itself, the nethogs/ subproject is not included in the
copyright file; it seems to be already packaged separately, too.

But, that's easy to fix.  I found a bigger problem though:

The program has a long list of caps (with a fallback to setuid) that allow
any user to perform most root-only actions.  For example, one of the menus
allows anyone to kill/suspend/resume any process in the system.  No
authentication of any kind, no policy, just kill any process, period.

It's not just the GUI user who can do this, it's easy enough to simulate a
GUI to have deepin-system-monitor do what any process, by any uid, wants.

And if you say "most computers don't have untrusted users", then well -- you
still don't want some random thing running as another uid to have full
control over the system.  And, most schools/etc will install a bunch of
available desktop environments so individual users can choose; if Deepin is
one of these environments, you can take over anyone else.

And even if deepin-system-monitor had appropriate access control, it's still
a thoroughly bad idea to grant caps to a GUI process.  d-s-m crashed for me
twice (segfault) while casually perusing it, I imagine it'd be trivial to do
so intentionally.  And even if your code is 100% perfectly correct and
solid, d-s-m uses many many libraries, any of which can have bugs that can
be easy to subvert; various plugins can be loaded into the process, etc.
There's no way this could be done securely: thus, the security boundary must
be elsewhere.  Be it a small helper program, some kind of RPC, etc -- the
privileged action can't be done by the GUI program.

Thus, I'm afraid that deepin-system-monitor can't go into Debian without
some serious rethinking.  I cannot adequately assist you here, as I don't
know the way such policies are done these days; you'd need to ask someone
more knowledgeable than me.

I seriously hope I'm failing to understand something here...


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ 
⢿⡄⠘⠷⠚⠋⠀ ... what's the frequency of that 5V DC?
⠈⠳⣄⠀⠀⠀⠀
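An added example, not part of the mail above or of the deepin packaging: a small POSIX shell audit that reads `getcap -r` output and flags file capabilities which let an unprivileged caller act on other users' processes, the class of problem the review describes. The deny-list, the function names, the hypothetical path `/usr/local/bin/example-gui-monitor` and the sample getcap lines are all constructed for this example; the real capability set of deepin-system-monitor is not reproduced here.

```shell
#!/bin/sh
# Added example (not from the mail or the deepin project): audit file
# capabilities and setuid bits, flagging the ones that amount to
# "root-only actions for any user" when granted to an interactive binary.

# Constructed deny-list for this example: capabilities that let the holder
# signal, trace or reconfigure processes it does not own, or change identity.
DANGEROUS_CAPS="cap_kill cap_sys_ptrace cap_sys_admin cap_setuid cap_setgid cap_dac_override cap_sys_nice cap_net_admin"

# Constructed sample in both getcap output styles (old: "path = caps+ep",
# new: "path caps=ep"); the GUI monitor path is hypothetical.
SAMPLE_GETCAP_OUTPUT='/usr/bin/ping cap_net_raw=ep
/usr/local/bin/example-gui-monitor cap_kill,cap_sys_ptrace,cap_sys_nice=ep
/usr/bin/gst-ptp-helper = cap_net_bind_service,cap_net_admin+ep'

# audit_caps: read getcap-style lines on stdin and print "path capability"
# for every dangerous capability found.  Paths containing spaces are not
# handled (getcap output is not quoted either).
audit_caps() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        path=${line%% *}          # first token is the file path
        caps=${line#* }           # rest is the capability text
        caps=${caps#= }           # drop the "= " of the older format
        # strip the flag suffix (=ep, +ep, ...) and split the list on commas
        caps=$(printf '%s' "$caps" | sed 's/[=+].*$//; s/,/ /g')
        for c in $caps; do
            for d in $DANGEROUS_CAPS; do
                [ "$c" = "$d" ] && printf '%s %s\n' "$path" "$c"
            done
        done
    done
    return 0
}

# demo: run the audit over the constructed sample (used for offline testing).
demo() {
    printf '%s\n' "$SAMPLE_GETCAP_OUTPUT" | audit_caps
}

# audit_live_system: run the check on the real machine.  Needs the libcap
# `getcap` tool; also lists setuid-root files, the fallback the mail mentions.
audit_live_system() {
    echo "== file capabilities that grant control over other users' processes =="
    getcap -r / 2>/dev/null | audit_caps
    echo "== setuid-root binaries (each one deserves a review; a GUI here is a red flag) =="
    find / -xdev -type f -perm -4000 -user root 2>/dev/null
}

# Only touch the live system when explicitly asked (AUDIT_LIVE=1 ./audit.sh).
if [ "${AUDIT_LIVE:-0}" = 1 ]; then
    audit_live_system
else
    demo
fi
```

In the sample, `ping` is left alone (cap_net_raw is not on the deny-list), while the hypothetical GUI monitor is reported once per dangerous capability. A package review can run `AUDIT_LIVE=1` on a test install to see exactly what a maintainer script has granted; anything on the deny-list attached to a desktop binary is the signal that the privileged action belongs in a separate, minimal helper rather than in the GUI process.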