[Popcon-developers] Bug#429405: Wrong usage of su in /etc/cron.weekly/popularity-contest (New bug)
Klaus Ethgen
Klaus at Ethgen.de
Mon Jun 18 17:53:17 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Bill,
Am Mo den 18. Jun 2007 um 17:53 schrieb Bill Allombert:
> It is not the case on Debian by default:
> nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
That's true but it is not as save as I wanna have it on my systems. (All
system users on my system have /bin/sh if no special reason give other.)
> Furthermore the point of user nobody is to be able to run process
> that have no file access permission outside 'other' (since no files are
> owned by user or group nobody). If you preclude it from running
> programs, then this user is useless. If nobody does not have a default
> shell, every usage of 'su nobody' must hard-code a shell instead of
> following /etc/passwd. This is generally a bad thing. Only root can 'su
> nobody' anyway.
That is incorrect. If you have to call something as nobody you know the
shell where it has to run under. Also I never ever want a normal user to
su to nobody at all! Moreover nobody has ever to run a interactive shell
as user nobody! So there is no need for a shell for this user. It is
only a security problem IF the user nobody has a shell and a server like
i.e. the webserver has a security flaw when running code as user nobody
the attacker has a shell for free (Sure with no home but there is other
places where also nobody can write to)! So never give nobody a shell.
By the way, also if I give him a shell, how can you be sure that calling
/bin/sh from this shell is allowed? Or maybe it has other syntax to call
such a shell.
And it is not useless at all as every cron job can use su -s /bin/sh (or
/bin/bash or /usr/bin/perl ... as you wish). This is also the case with
/etc/cron.weekly/popularity-contest. You still select a shell explicit.
Why not selecting it by "su -s /bin/sh" which is more clean and the
safest way?
> /etc/cron.weekly/popularity-contest is not the only script to use
> 'su nobody' without -s.
Uh, its the only one I know 'till now. But that only as side comment,
popcon should be better as all other software of course. ;-)
Best Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.de/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRnbGjJ+OKpjRpO3lAQIUcQf/XpEf8CtQ8+Z/GlbLzLihzO2sazJm6imE
FxE231o18dS1OxthxyMcFWEfrFdQgUHk6b8ic8Vd6LtCjzKr+dNywESpadx8b1nF
0SRpoyXZE+5HhanK0wB3YFJJ9SB6T94We3Y4Id7wPdyuk9W30jVAjujwCg0y6GEC
uaFL1j86hKkoIV3LLOW//92dFjA+33HMrytumlK9G7eCfWGnqQmC7haa6sHjC+qX
OabL/XWyV+BWc5lS8B+nE6bF/1UD499ZdeYFxtNIIYK17V6J4mJIUBzSTOtE7tZ6
ziy0Eb4pJheDZ9WxbpSSNVa+Ax1nsIcCd3pEw+KOtClSFuTTk1ioZw==
=Ra4a
-----END PGP SIGNATURE-----
More information about the Popcon-developers
mailing list