install-setuid target #15
Conversation
Can you please squash all your changes into one commit? Some commits change each other and it is difficult to review.
0b98d13 to 2efc535
done ^
Please check if it behaves as expected and if it doesn't introduce any vulnerability when installing as setuid. When requiring Let's look at the code: Lines 36 to 39 in 8e680b6
The code checks for a couple of sudo-related env variables. If they are not there, the code doesn't try dropping any root privileges, which is precisely the vulnerability I was talking about. In fact, we can test it right now:
So, before merging this PR, the code must be updated to properly drop privileges when launched without sudo.
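The point raised in the review above, that a check on sudo's environment alone leaves a setuid binary running as root when it is started without sudo, as an added example of how to resolve the invoking user and drop privileges for both launch modes (this is not the ste project's code; it assumes Linux/glibc, where setresuid/setresgid/getresuid are available):

```c
#define _GNU_SOURCE          /* setresuid/setresgid/getresuid on glibc */
#include <errno.h>
#include <grp.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Pick the unprivileged identity the child command must run as.
 * Setuid case: the kernel keeps the invoker in the *real* uid/gid, so no
 * environment variable is needed. sudo case: the real uid is already 0 and
 * only SUDO_UID/SUDO_GID identify the invoker. Relying on SUDO_* alone (the
 * pattern criticised above) never drops anything in the setuid case.
 * Returns 0 on success, -1 when no non-root identity can be established. */
int resolve_target_ids(uid_t real_uid, gid_t real_gid,
                       const char *sudo_uid, const char *sudo_gid,
                       uid_t *uid, gid_t *gid) {
    if (real_uid != 0) {               /* setuid launch: trust the real ids */
        *uid = real_uid; *gid = real_gid;
        return 0;
    }
    if (sudo_uid == NULL || sudo_gid == NULL) return -1;
    char *end;
    errno = 0;
    unsigned long u = strtoul(sudo_uid, &end, 10);
    if (errno || *end || end == sudo_uid || u == 0) return -1;   /* reject "0" too */
    unsigned long g = strtoul(sudo_gid, &end, 10);
    if (errno || *end || end == sudo_gid) return -1;
    *uid = (uid_t)u; *gid = (gid_t)g;
    return 0;
}

/* Drop root permanently (real, effective and saved ids) to the resolved
 * identity; refuse to continue when that is not possible. Real root with no
 * sudo context is refused rather than silently run as root. */
int drop_privileges(void) {
    uid_t uid; gid_t gid;
    if (resolve_target_ids(getuid(), getgid(), getenv("SUDO_UID"),
                           getenv("SUDO_GID"), &uid, &gid) != 0)
        return -1;
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1; /* clear supplementary groups */
    if (setresgid(gid, gid, gid) != 0) return -1;   /* gid first, while still root */
    if (setresuid(uid, uid, uid) != 0) return -1;   /* uid last */
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0 || r != uid || e != uid || s != uid) return -1;
    return 0;                          /* saved uid is no longer 0: root cannot be regained */
}
```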
To be honest I did not really read the code that dropped privileges. Does the latest commit address your issue? Same code path likely works for sudo and for setuid
I'm not super-familiar with the APIs, so I can't judge if this is the best approach. However, this latest commit changed the
This means the command will be running as root, when Maybe a better approach could be to detect when it's going to run the child process as root and only proceed if a new
To me this behavior looks better. If you run a command under
As of d086dfd there are four ways to run
I base this behavior on two factors. 1/ I don't think it is common for a user to want a command to run as root.
If you want to submit an individual PR for the
An alternative approach to mitigate potential setuid vulnerabilities is to use a second group on the ste binary: instead of

    chown root:root /usr/bin/ste
    chmod 4755 /usr/bin/ste

implement it like

    chown root:ste /usr/bin/ste
    chmod 4750 /usr/bin/ste

That way admins have a way to limit access to the setuid binary via the standard groupadd procedure.
Convenience target to make ste setuid:
Depends on #11