This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 173113 - Small patch for runuser: disallow suid operation
Small patch for runuser: disallow suid operation
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: coreutils (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-14 04:13 EST by Thomas Bleher
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 5.93-2
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-11-14 05:57:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Thomas Bleher 2005-11-14 04:13:35 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7)

Description of problem:
I think the following small patch should be applied to the coreutils
package, on top of the existing patch:

--- runuser.c.orig      2005-10-19 22:01:57.000000000 +0200
+++ runuser.c   2005-10-19 22:00:53.000000000 +0200
@@ -19,6 +19,8 @@
        return PAM_SUCCESS;
 }
 int pam_open_session(pam_handle_t *pamh, int flags){
+       if (getuid() != geteuid()) /* safety net: deny operation if we are suid by accident */
+               error(EXIT_FAIL, 1, "runuser may not be setuid");
        return PAM_SUCCESS;
 }
 int pam_close_session(pam_handle_t *pamh, int flags){

Rationale:
There are still a lot of scripts that assume they can use "su" to switch
uids. In some situations (eg mine :) it is simply too much work to audit
them all and keep up with updates. Instead I intend to "mv su su2; ln
runuser su" and teach the other admins to use su2 instead (users are not
allowed to use su anyway). The only problem currently is that if the
permissions on the new su are accidently set to the usual values (by
admin error or a permission check script) there is a security hole
immediately. This small patch prevents this problem; it should not
interfere with normal operation in any way.

PS: This patch has been in use since a few weeks and has not caused any problems so far. It was posted to the SELinux-ML and acked by Russell Coker, who requested that the patch be bugzilla'd.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.
2.
3.
4.

Additional info:
Comment 1 Tim Waugh 2005-11-14 05:57:27 EST
Thanks for the report.  Fixed in 5.93-2 in rawhide.

Note You need to log in before you can comment on or make changes to this bug.