Aw: Re: [opensuse-factory] openSUSE 13.2 / Tumbleweed - user have full root access on / - is this security hole ???!!!

3 Jan 2015

      Hi,

due to a damaged Tumbleweed "upgrade" with "zypper dup" on an openSUSE 13.1 installation, I have done a new installation (with formating the HDD root partition). Only some Data and the Home drive I've not changed (Mounted again - /home via NFS/NIS - see below). During the installation I use only the expert way with dedicated "old school" Users. NFS/NIS and the old partitions I've only added manually via "YaST" and edit of the "/etc/fstab". After installation I've installed Tumbleweed like this description:
https://de.opensuse.org/Portal:Tumbleweed/Themen

After the Update, I the system don't boot anymore. The Kernel hangs with 

A start job is running for Load Kernel Modules (.../no limit) 

I fixed this error with deinstallation of the latest kernel and new installation after reboot.

I don't think that this have any influence to this topic.

Regards
Ulf
...
Gesendet: Samstag, 03. Januar 2015 um 11:29 Uhr
Von: "Marcus Meissner" 
An: ub22@gmx.net
Cc: "Mailing List openSUSE Factory" 
Betreff: Re: [opensuse-factory] openSUSE 13.2 / Tumbleweed - user have full root access on / - is this security hole ???!!!
Hi,
this should not happen and is a security issue.
Question is really what made / read-writeable.
The .mod files seem to come from grub2.
Did you adjust something in grub2?
Ciao, MArcus
On Sat, Jan 03, 2015 at 10:42:10AM +0100, ub22@gmx.net wrote:
...
Hi,
I've not seen any Email with this topic before.
But I've seen by accident, that I've as (NIS) user full access on root btrfs formatted filesystem! What is the background of this topic? In the previous version openSUSE 13.1 / Tumbleweed and ext4 root filesystem, I've no rights as normal user? Is this a big security hole?!
...
ls -1 / | wc -l
338
...
ls -al /. | head
insgesamt 18988
drwxrwxrwx   1 root     root         6878  3. Jan 09:45 .
drwxrwxrwx   1 root     root         6878  3. Jan 09:45 ..
-rw-r--r--   1 root     root         9932  9. Dez 16:13 acpi.mod
-rw-r--r--   1 root     root         1312  9. Dez 16:13 adler32.mod
-rw-r--r--   1 root     root         5664  9. Dez 16:13 affs.mod
-rw-r--r--   1 root     root         6636  9. Dez 16:13 afs.mod
-rw-r--r--   1 root     root        15444  9. Dez 16:13 ahci.mod
-rw-r--r--   1 root     root          701  9. Dez 16:13 all_video.mod
...
mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,size=3925456k,nr_inodes=981364,mode=755)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
/dev/sda1 on / type btrfs (rw,relatime,ssd,space_cache)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=35,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
/dev/sda1 on /var/tmp type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /var/spool type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /.snapshots type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /var/opt type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /boot/grub2/x86_64-efi type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /var/log type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /var/lib/named type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /var/lib/pgsql type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /var/lib/mailman type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /var/crash type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /usr/local type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /temp type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /opt type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /mnt/home1 type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /srv type btrfs (rw,relatime,ssd,space_cache)
/dev/sda1 on /boot/grub2/i386-pc type btrfs (rw,relatime,ssd,space_cache)
/dev/sdb6 on /mnt/images type ext3 (rw,relatime,data=ordered)
/dev/sdb5 on /mnt/home2 type ext4 (rw,relatime,data=ordered)
/dev/sdb2 on /tmp type ext4 (rw,relatime,data=ordered)
none on /var/lib/ntp/proc type proc (ro,nosuid,nodev,relatime)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
192.168.2.1:/home on /home type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.2.20,local_lock=none,addr=192.168.2.1)
192.168.2.1:/home/users on /home/users type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.2.20,local_lock=none,addr=192.168.2.1)
192.168.2.1:/home/users on /mnt/data1 type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.2.20,local_lock=none,addr=192.168.2.1)
192.168.2.1:/data2 on /mnt/data2 type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.2.20,local_lock=none,addr=192.168.2.1)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
gvfsd-fuse on /run/user/1003/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1003,group_id=100)
...
df
Dateisystem              1K-Blöcke    Benutzt Verfügbar Verw% Eingehängt auf
/dev/sda1                 62521344   27750300  32913828   46% /
devtmpfs                   3925456          0   3925456    0% /dev
tmpfs                      3965308      39152   3926156    1% /dev/shm
tmpfs                      3965308       1628   3963680    1% /run
tmpfs                      3965308          0   3965308    0% /sys/fs/cgroup
/dev/sda1                 62521344   27750300  32913828   46% /var/tmp
[...]
PS: Why there are so many files in the / folder and why the btrfs filesystem in standard configuration runs full after only one mount (100%) and I must clean it manually? Very crazy topic!
Regards
Ub22 
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- 
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- 
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Aw: Re: [opensuse-factory] openSUSE 13.2 / Tumbleweed - user have full root access on / - is this security hole ???!!!

ub22＠gmx.net