Bug 611009
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | BackupPC uses perl-suidperl | | |
| Product | [Fedora] Fedora | Reporter | Ralf Corsepius <rc040203> |
| Component | BackupPC | Assignee | Johan Cwiklinski <fedora> |
| Status | CLOSED ERRATA | QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Severity | high | Docs Contact | |
| Priority | low | | |
| Version | 14 | CC | fedora, iarnell, jlaska, mmaslano, robatino |
| Target Milestone | --- | | |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | BackupPC-3.1.0-15.fc14 | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2010-08-03 02:20:03 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | | | |
| Bug Blocks | 620623 | | |
Description
Ralf Corsepius
2010-07-03 05:12:38 UTC
One simple option would be to create a C wrapper for the BackupPC_Admin script and make that setuid instead of the script itself. See http://perldoc.perl.org/perlsec.html#Security-Bugs for more details. I've mailed upstream about that issue:

- http://sourceforge.net/mailarchive/forum.php?thread_name=4C2EEAA6.7090004%40x-tnd.be&forum_name=backuppc-users
- http://sourceforge.net/mailarchive/forum.php?thread_name=4C2EF16A.1070505%40x-tnd.be&forum_name=backuppc-devel

There's also a Debian bug about the same issue, but little progress: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581950

Using a C wrapper is really quite simple. Move the existing BackupPC_Admin script to BackupPC_Admin.pl, compile the wrapper and install it as /usr/share/BackupPC/sbin/BackupPC_Admin with permissions 4755.

```c
#include <unistd.h>

#ifndef REAL_PATH
#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl"
#endif

/* Setuid wrapper: the kernel honours the setuid bit on this binary,
 * which then execs the real (non-setuid) Perl script with the same
 * arguments. Perl notices ruid != euid and enables taint mode. */
int main(int argc, char **argv)
{
    (void)argc;
    execv(REAL_PATH, argv);
    return 1; /* execv only returns if the exec failed */
}
```

Thanks for the tip Iain :) I will probably use that to fix the current issue (I really do not want to see BackupPC disappear from the repositories). I won't have time for that until next week (I'm very overbooked this week); I hope to have some advice from upstream by then.

Someone on the BackupPC users mailing list told me I can use Apache's suid mechanism (http://sourceforge.net/mailarchive/forum.php?thread_name=4C2F62D4.3010702%40gmail.com&forum_name=backuppc-users). What do you think about this solution?

Unfortunately, I don't think you'll be able to use Apache's suexec mechanism. It's configured at compile time to only execute programs that live under /var/www (and the packaging guidelines forbid packages from installing anything under /var/www), and to only execute programs as a user with uid >= 500 and gid >= 100.

This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle. Changing version to '14'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

BackupPC-3.1.0-15.fc14 has been submitted as an update for Fedora 14. http://admin.fedoraproject.org/updates/BackupPC-3.1.0-15.fc14

BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with `su -c 'yum --enablerepo=updates-testing update BackupPC'`. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/BackupPC-3.1.0-15.fc14

BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
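As an added example (not the wrapper posted in this bug and not BackupPC's packaging), a hardened variant of the setuid wrapper discussed above: it hands the script a fixed PATH plus an assumed allowlist of CGI variables via execve, so the setuid target does not inherit PERL5LIB, PERL5OPT, LD_PRELOAD and similar from the web server's caller. The allowlist is an assumption and should be trimmed to what BackupPC_Admin actually reads.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef REAL_PATH
#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl"
#endif

/* Assumed allowlist of CGI variables the script needs; anything else is dropped. */
static const char *const allowed[] = {
    "REQUEST_METHOD", "QUERY_STRING", "CONTENT_LENGTH", "CONTENT_TYPE",
    "SCRIPT_NAME", "PATH_INFO", "REMOTE_USER", "REMOTE_ADDR",
    "SERVER_NAME", "SERVER_PORT", "HTTP_COOKIE", "HTTP_HOST", NULL
};

/* Return 1 if "NAME=value" has an allowed NAME (exact match), else 0. */
int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (!eq) return 0;
    size_t n = (size_t)(eq - entry);
    for (const char *const *p = allowed; *p; p++)
        if (strlen(*p) == n && strncmp(*p, entry, n) == 0) return 1;
    return 0;
}

/* Copy allowed entries of in[] into out[] (cap slots, incl. the terminating
 * NULL), prepending a fixed PATH. Returns entries written, excluding NULL. */
size_t filter_env(char *const *in, char **out, size_t cap)
{
    size_t n = 0;
    if (cap < 2) return 0;
    out[n++] = (char *)"PATH=/usr/bin:/bin";
    for (; *in && n + 1 < cap; in++)
        if (env_allowed(*in)) out[n++] = *in;
    out[n] = NULL;
    return n;
}

int main(int argc, char **argv, char **envp)
{
    char *clean[64];
    (void)argc;
    filter_env(envp, clean, sizeof clean / sizeof clean[0]);
    execve(REAL_PATH, argv, clean); /* only returns on failure */
    perror("execve");
    return 127;
}
```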