[Pkg-shadow-devel] Bug#827479: newgrp: use CAP_SETGID instead of setuid on platforms that support it
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jun 16 19:02:02 UTC 2016
Package: login
Version: 1:4.2-3.1
Severity: normal
newgrp is currently setuid root. Since the only superuser activity it
is supposed to execute is changing group status, it would be safer to
use setcap CAP_SETGID instead.
the iputils-ping package made this transition for ping. That package
Recommends: libcap2-bin, and has a postinst containing:
if [ "$1" = configure ]; then
# If we have setcap is installed, try setting cap_net_raw+ep,
# which allows us to install our binaries without the setuid
# bit.
if command -v setcap > /dev/null; then
if setcap cap_net_raw+ep /bin/ping; then
chmod u-s /bin/ping
else
echo "Setcap failed on /bin/ping, falling back to setuid" >&2
chmod u+s /bin/ping
fi
else
echo "Setcap is not installed, falling back to setuid" >&2
chmod u+s /bin/ping
fi
fi
It would be great to do a similar thing for newgrp.
--dkg
-- System Information:
Debian Release: stretch/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages login depends on:
ii libaudit1 1:2.5.2-1
ii libc6 2.22-11
ii libpam-modules 1.1.8-3.3
ii libpam-runtime 1.1.8-3.3
ii libpam0g 1.1.8-3.3
login recommends no packages.
login suggests no packages.
-- debconf-show failed
More information about the Pkg-shadow-devel
mailing list