[buildd-tools-devel] Bug#566879: Bug#566879: Bug#566879: Bug#566879: dchroot: does not work as root
Roger Leigh
rleigh at codelibre.net
Thu Jan 28 22:32:28 UTC 2010
On Thu, Jan 28, 2010 at 09:34:35PM +0000, Roger Leigh wrote:
> OK, I have a fix! (attached)
[...]
> This has been committed into git, but I'll need to ponder the
> implications for a little bit before I upload it.
After further review:
the patch as presented (really attached this time) introduces a
security hole in that, while user->otheruser switching is forbidden,
user->user authentication will always succeed. While there's no
hole *at present*, the altered semantics of auth_null could
result in a future bug if we make the assumption of failure.
Solution:
1) Keep auth_null as the default session authentication method.
2) Add auth_pam to *all* of schroot/dchroot/dchroot-dsa by
adding add_session_auth to schroot::main_base (common to
dchroot, dchroot-dsa and schroot). Make virtual to allow
addition of user-switching for schroot.
Mostly done, but won't be finished tonight. Since this has
potential for security problems, I'll need to carefully
review it.
Regards,
Roger
--
 .''`.  Roger Leigh
: :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
`. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
  `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-sbuild-auth_null-Allow-authentication-skip-if-local-.patch
Type: text/x-diff
Size: 1076 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100128/4569987a/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-sbuild-auth_null-Only-root-can-authenticate.patch
Type: text/x-diff
Size: 1340 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100128/4569987a/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-sbuild-auth_pam-Remove-unneeded-header.patch
Type: text/x-diff
Size: 638 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100128/4569987a/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-schroot-dchroot-and-dchroot-dsa-also-use-PAM.patch
Type: text/x-diff
Size: 4198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100128/4569987a/attachment-0003.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100128/4569987a/attachment.pgp>
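The point Roger makes about auth_null semantics (a default method that succeeds for user->user means a later code path may never reach PAM) can be shown with a small model. The following is an added example written for this page; it is not schroot's code, and auth, auth_null_lenient, auth_null_strict, auth_pam, main_base and add_session_auth are hypothetical stand-ins for the classes named in the mail. PAM itself is replaced by an injected decision callback so the example runs offline.

```cpp
// Added example, not schroot's code. Models the two auth_null semantics
// discussed in the thread: a "lenient" null method that lets user->user
// through, versus a fail-closed one that only passes root and leaves
// everyone else to PAM. All class and function names are hypothetical.
#include <functional>
#include <iostream>
#include <memory>
#include <sys/types.h>
#include <utility>
#include <vector>

struct session_request {
  uid_t ruid;        // real uid of the caller
  uid_t target_uid;  // uid the session should run as
};

enum class auth_result { success, failure };

class auth {
public:
  virtual ~auth() = default;
  virtual auth_result authenticate(const session_request&) const = 0;
};

// Semantics the rejected patch introduced: same-user always succeeds.
class auth_null_lenient : public auth {
public:
  auth_result authenticate(const session_request& r) const override {
    if (r.ruid == 0 || r.ruid == r.target_uid) return auth_result::success;
    return auth_result::failure;
  }
};

// Fail-closed variant: only root passes here; all others must go via PAM.
class auth_null_strict : public auth {
public:
  auth_result authenticate(const session_request& r) const override {
    return r.ruid == 0 ? auth_result::success : auth_result::failure;
  }
};

// Stand-in for PAM. The decision is injected so the example needs no PAM stack.
class auth_pam : public auth {
public:
  explicit auth_pam(std::function<bool(const session_request&)> decide)
      : decide_(std::move(decide)) {}
  auth_result authenticate(const session_request& r) const override {
    return decide_(r) ? auth_result::success : auth_result::failure;
  }
private:
  std::function<bool(const session_request&)> decide_;
};

// Common base shared by the front ends. add_session_auth() is virtual so a
// derived front end can append further methods (e.g. user switching).
class main_base {
public:
  explicit main_base(std::unique_ptr<auth> default_auth) {
    methods_.push_back(std::move(default_auth));
  }
  virtual ~main_base() = default;
  virtual void add_session_auth(std::unique_ptr<auth> m) {
    methods_.push_back(std::move(m));
  }
  // Methods run in order; the first success wins. With a lenient auth_null
  // in front, PAM is never consulted for a same-user session.
  bool authenticate(const session_request& r) const {
    for (const auto& m : methods_)
      if (m->authenticate(r) == auth_result::success) return true;
    return false;
  }
private:
  std::vector<std::unique_ptr<auth>> methods_;
};

struct outcome {
  bool allowed;   // did the session authenticate?
  int pam_calls;  // how many times the PAM stand-in was consulted
};

// Build a front end with the chosen auth_null flavour plus PAM, then run
// one request. pam_allows fixes what the PAM stand-in answers.
outcome run_scenario(bool strict_null, bool pam_allows, uid_t ruid, uid_t target) {
  int calls = 0;
  std::unique_ptr<auth> null_auth = strict_null
      ? std::unique_ptr<auth>(new auth_null_strict)
      : std::unique_ptr<auth>(new auth_null_lenient);
  main_base prog(std::move(null_auth));
  prog.add_session_auth(std::unique_ptr<auth>(new auth_pam(
      [&calls, pam_allows](const session_request&) { ++calls; return pam_allows; })));
  bool ok = prog.authenticate(session_request{ruid, target});
  return outcome{ok, calls};
}

int main() {
  outcome hole = run_scenario(false, false, 1000, 1000);  // lenient, PAM denies
  outcome fixed = run_scenario(true, false, 1000, 1000);  // strict, PAM denies
  std::cout << "lenient: allowed=" << hole.allowed << " pam_calls=" << hole.pam_calls << '\n'
            << "strict:  allowed=" << fixed.allowed << " pam_calls=" << fixed.pam_calls << '\n';
  return 0;
}
```

With the lenient method, a user->user request is accepted even though PAM would have refused it, and PAM is never asked; with the strict method, root still bypasses PAM but every other request, including user->user, is decided by PAM. That is the "assumption of failure" the mail warns about: any later logic that treats a successful auth_null as "already checked" is only safe if auth_null is fail-closed.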