Mailinglist Archive: opensuse (4570 mails)

Re: [opensuse] Re: warnings
  • From: Pascal Bleser <pascal.bleser@xxxxxxxxx>
  • Date: Mon, 07 Nov 2005 16:05:06 +0100
  • Message-id: <436F6D22.7000001@xxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

mop48836 wrote:
...
> What really bothers me is what you guys pointed out:
> quoting Jorge:
> "That means, for ejemplo, that if the package contains
> files that will go into sensible dirs like /etc, /usr etc, all of them
> will belong to user kosta, which is ugly. ;-)"

Yes, but it's also a feature when used properly, because not everything is installed as root.
Especially with daemons (servers), e.g. apache: they're often using their own, unprivileged, system
account (e.g. "wwwrun" for apache), and some permissions have to be set accordingly.

> So, suppose that someone builds rpms with those directives (%defattr,
> ...) with "common" user names, like "mike", "dave", etc.
> (not like "kosta", rather unusual..) with the purpose to compromise,
> "statistically", those machines?
> Would that be possible?

Oh, sure, but you can do a lot of much nastier things with RPMs.
RPMs have post-installation scripts.

If you build an RPM with the following in the spec file:

%post
/bin/rm -rf /

then, when you install that package, it will trash your system (i.e. remove all your files).

> If yes, wouldn't it be a severe security flaw?? i can't believe that!!

Yes, somehow. That's why we need good packagers, a web of trust, and that's also why packages are
digitally signed.

> We enjoy Linux for many reasons, and I think that at least one is to
> have some security integrity, not like the other OS mentioned.
> I wish I were wrong, and that a distributed rpm in places not as
> "reliable" as sourceforge, packman, etc. could not lead anyone to having
> his/her Linux box compromised.

Sure, it could. And you can't really change that, as you would have to strongly restrict RPM's
flexibility. Some RPMs also automatically create required user accounts, etc etc...

In the end, it is executing code as root. And that can punch quite a big hole in your system.
But on the other hand, it's also much required to work properly.

I don't really see a technical approach to avoid this.

cheers
- --
-o) Pascal Bleser http://linux01.gwdg.de/~pbleser/
/\\ <pascal.bleser@xxxxxxxxx> <guru@xxxxxxxxxxx>
_\_v FOSDEM 2006 -- 25+26 February 2006 in Brussels
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDb20ir3NMWliFcXcRArv2AJwN0zoUIt0Q8xKp9avMB4p2rnShWgCfXY8z
NkEOHMqxtH1Nq7gPwyLKBiw=
=ukTA
-----END PGP SIGNATURE-----
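The two points made in the message above (that %defattr with a "common" user name hands system files to that account, and that %post and friends run as root at install time) are easy to check for before a package is built or installed. The following is an added example, not code from the original post or from openSUSE: a small spec-file auditor that parses the %files section for %defattr/%attr directives and lists every scriptlet section. The sample spec embedded in it is constructed for the demo, the list of "sensitive" prefixes is the author's own judgement rather than an RPM convention, and treating "-" in a user/group field as "inherit the current default" is an assumption.

```python
"""Audit an RPM spec file for install-time risks before building or installing it.

Added example, not part of the original mailing-list post. It reports:
  1. files under system prefixes such as /etc or /usr that would be owned by a
     non-root account (a %defattr with a "common" user name does exactly that);
  2. every scriptlet section, because whatever it contains runs as root.
The sample spec is constructed; SENSITIVE_PREFIXES is a judgement call.
"""
import re

SENSITIVE_PREFIXES = ("/etc", "/usr", "/bin", "/sbin", "/lib", "/boot")
SCRIPTLETS = ("pre", "post", "preun", "postun", "pretrans", "posttrans")

SECTION_RE = re.compile(
    r"^%(description|prep|build|install|check|clean|files|changelog|"
    r"pretrans|posttrans|preun|postun|pre|post)\b(.*)$"
)
# %defattr(mode,user,group[,dirmode])  and  %attr(mode,user,group) <path>
ATTR_RE = re.compile(
    r"^%(defattr|attr)\(\s*([^,]*),\s*([^,]*),\s*([^,)]*)(?:,[^)]*)?\)\s*(.*)$"
)
# %config(noreplace), %dir, %doc, %ghost ... may prefix a path in %files
FILE_DIRECTIVE_RE = re.compile(r"^(?:%\w+(?:\([^)]*\))?\s+)+")

# Constructed sample: a legitimate service account (wwwrun) next to a bad default.
SAMPLE_SPEC = """\
Name:    demo
Version: 1.0
Release: 1
Summary: constructed example for the auditor
License: MIT

%description
Constructed spec; not a real package.

%post
/usr/sbin/useradd -r demo 2>/dev/null || :

%files
%defattr(-,mike,users)
/etc/demo.conf
%config(noreplace) /etc/demo.d/extra.conf
/usr/bin/demo
%attr(-,wwwrun,www) /var/lib/demo
%attr(755,root,root) /usr/sbin/demo-helper
"""


def parse_spec(text):
    """Return (scriptlets, files): {section: [lines]} and [(path, owner, group)]."""
    scriptlets, files = {}, []
    section, key = None, None
    owner, group = "root", "root"          # default ownership before any %defattr
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            key = (section + " " + m.group(2).strip()).strip()
            if section in SCRIPTLETS:
                scriptlets.setdefault(key, [])
            continue
        if not line or line.startswith("#"):
            continue
        if section in SCRIPTLETS:
            scriptlets[key].append(line)
        elif section == "files":
            m = ATTR_RE.match(line)
            if m:
                kind, _mode, u, g, rest = m.groups()
                # assumption: "-" means "keep the current default"
                u = u.strip() if u.strip() != "-" else owner
                g = g.strip() if g.strip() != "-" else group
                if kind == "defattr":
                    owner, group = u, g        # applies to every later plain path
                    continue
                path, cur = rest, (u, g)
            else:
                path, cur = line, (owner, group)
            path = FILE_DIRECTIVE_RE.sub("", path).strip()
            if path.startswith("/"):           # skip relative %doc entries etc.
                files.append((path, cur[0], cur[1]))
    return scriptlets, files


def non_root_sensitive(files):
    """Files under a system prefix whose owner or group is not root."""
    return [
        (p, u, g) for p, u, g in files
        if (u != "root" or g != "root")
        and any(p == pre or p.startswith(pre + "/") for pre in SENSITIVE_PREFIXES)
    ]


def audit(text):
    """Human-readable findings for a spec file."""
    scriptlets, files = parse_spec(text)
    findings = []
    for key, lines in scriptlets.items():
        findings.append("scriptlet %%%s runs as root at install time (%d line%s)"
                        % (key, len(lines), "" if len(lines) == 1 else "s"))
    for p, u, g in non_root_sensitive(files):
        findings.append("%s would be owned by %s:%s" % (p, u, g))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SPEC):
        print("-", finding)
```

On the sample spec this flags the %post scriptlet and the three entries under /etc and /usr that %defattr(-,mike,users) would hand to "mike", while /var/lib/demo owned by wwwrun passes, which is exactly the legitimate daemon case the message describes. For an already-built package, `rpm -qp --scripts` and `rpm -qp --dump` on the .rpm give the same information without trusting the spec.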
