[Resolvconf-devel] Bug#819498: Bug#819498: /etc/resolvconf/update.d/resolvconf-update-bind called without CAP_CHOWN from n-m

Marc Haber mh+debian-bugs at zugschlus.de
Wed Mar 30 09:12:19 UTC 2016


On Wed, Mar 30, 2016 at 09:35:32AM +0200, Thomas Hood wrote:
> I am happy to remove the chown from the (example) script. But are you sure
> that bind processes the file if the owner is not root:bind?

Mine takes it happily with root:staff. I guess it won't if it can't
read the file, so the script should make sure to create the file world
readable, which might introduce a privacy problem iff private
information is in the file.

Maybe take a look at the source file and spew an error if it isn't
world readable, so that the local admin can decide whether to make
the source file world readable or to add CAP_CHOWN to network-manager.

I have no idea whether a shell script can check for certain
capabilities, so the script might want to add error handling for the
chown like

# If "other" has no read bit (8th character of the symbolic mode), try
# to hand the file to root:bind so that bind can read it via the group.
if ! stat --format="%A" "$TMP_FILE" | grep -q '^.......r..'; then
  if ! chown root:bind "$TMP_FILE"; then
    echo >&2 "Error: cannot chown $TMP_FILE, capability missing, see #819498"
  fi
fi

(untested)

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
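As an added example (not code from resolvconf, network-manager or this bug report): a POSIX shell script that answers the capability question raised above by reading the CapEff line of /proc/self/status, where CAP_CHOWN is capability number 0 in linux/capability.h, and combines that with the world-readable check to decide between chown root:bind and a clear error. It assumes Linux, GNU stat and an existing bind group; the function names are my own.

```shell
#!/bin/sh
# Added example, not from resolvconf or the bug report: check for CAP_CHOWN
# in the effective capability set of the running process before attempting
# chown. Assumes Linux (/proc), GNU stat and a "bind" group.

CAP_CHOWN=0   # capability number from linux/capability.h

# cap_mask_has MASK N -- true if bit N is set in MASK, a hex string in the
# format of the Cap*: lines of /proc/<pid>/status (most significant digit first).
cap_mask_has() {
    cmh_mask=$1
    cmh_n=$2
    # Each hex digit holds four bits; the last digit holds bits 0-3.
    cmh_idx=$(( ${#cmh_mask} - cmh_n / 4 ))
    [ "$cmh_idx" -ge 1 ] || return 1
    cmh_digit=$(printf '%s' "$cmh_mask" | cut -c "$cmh_idx")
    cmh_val=$(printf '%d' "0x$cmh_digit")
    [ $(( (cmh_val >> (cmh_n % 4)) & 1 )) -eq 1 ]
}

# cap_eff_has N -- true if this process's effective capability set has N.
cap_eff_has() {
    ceh_mask=$(sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status 2>/dev/null)
    [ -n "$ceh_mask" ] && cap_mask_has "$ceh_mask" "$1"
}

# is_world_readable FILE -- true if "other" has read permission. GNU stat %A
# prints the symbolic mode; the other-read bit is its 8th character.
is_world_readable() {
    stat --format='%A' "$1" | grep -q '^.......r..'
}

# ensure_bind_can_read FILE -- what an update script could do: leave a
# world-readable file alone; otherwise chown root:bind only when CAP_CHOWN is
# actually held, and say clearly why it could not when it is not.
ensure_bind_can_read() {
    ebr_file=$1
    if is_world_readable "$ebr_file"; then
        return 0
    fi
    if cap_eff_has "$CAP_CHOWN"; then
        chown root:bind "$ebr_file"
    else
        echo >&2 "Error: $ebr_file is not world readable and CAP_CHOWN is missing, see #819498"
        return 1
    fi
}

# Stand-alone usage: report CAP_CHOWN, and fix up a file if one is given.
if cap_eff_has "$CAP_CHOWN"; then
    echo "CAP_CHOWN is in the effective set"
else
    echo "CAP_CHOWN is NOT in the effective set"
fi
[ $# -eq 0 ] || ensure_bind_can_read "$1"
```

Run as an unprivileged user the effective set is normally all zeros, so the chown branch is skipped and the error is printed instead of a failed chown; run as root with a full capability set, bit 0 is set and the chown is attempted. The bit test works on the mask string alone, so it can be exercised without privileges.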


