Bug 193121 - pegasus files lost world-read and world-execute permissions (regression)
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: tog-pegasus
Version: 5
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jason Vas Dias
Reported: 2006-05-25 13:29 UTC by Avi Kivity
Modified: 2007-11-30 22:11 UTC (History)
Last Closed: 2006-07-10 12:19:17 UTC

Description Avi Kivity 2006-05-25 13:29:46 UTC
Description of problem:
The latest release of tog-pegasus has all files installed world-unreadable and 
world-unexecutable. This means it is impossible for a user to link against 
pegasus libraries, or to run pegasus executables.

This is a regression from the release provided in base.

Version-Release number of selected component (if applicable):
tog-pegasus-2.5.1-4.FC5

How reproducible:
always

Steps to Reproduce:
1. try to link against tog-pegasus libraries
  
Actual results:
EPERM

Expected results:
link succeeds

Additional info:
Removing the world-readable and world-executable cannot be explained in terms 
of security, as users can download the source rpm, and build it so it runs in 
their home directories (or play LD_LIBRARY_PATH games with files extracted 
from the binary rpm). 

Reducing access permissions only makes sense for configuration files.

Comment 1 Jason Vas Dias 2006-05-30 22:20:00 UTC
Only members of the 'pegasus' group or root can connect with the cimserver.
This extra security was added because the cimserver process runs with root
privilege, and can return information to non-root callers that only the 
root user would otherwise be allowed to see - for instance, the list of
ALL running processes. Since all the pegasus libraries are used for 
communicating with the cimserver, they also should be readable + executable
only by root or members of the pegasus group, and the root user sysadmin must 
make a conscious choice to allow users to talk to the cimserver or use 
the pegasus libraries by granting them membership of the pegasus group. 
Making the access change to the libraries means that the cimserver does not 
have to deny unprivileged users access to itself, and un-privileged users 
cannot tie up the cimserver with denials (making a DoS attack).

Sorry, but this is the way the pegasus libraries will be installed in the Red
Hat tog-pegasus releases, for security reasons - if you don't like it, you can
always change the permissions of the libraries yourself:
# rpm -ql tog-pegasus | grep /usr/lib | while read -r f; do chmod a+rX "$f"; done

Comment 2 Avi Kivity 2006-05-31 07:30:48 UTC
As I pointed out, this has zero effect on security, as users can install the 
libraries in their home directories and use them (or connect to the socket 
directly through the TCP ports, using telnet or some other client in a loop).

On the other hand, it does affect usability, since now developers cannot link 
against the libraries.

No other package uses permissions on freely-available executables as a means 
to limit access.

Please reconsider. You're not improving security but instead you are making 
life needlessly harder.

Comment 3 Avi Kivity 2006-05-31 07:31:56 UTC
Oh, and changing permissions is not a very good workaround as the next update 
will overwrite them.

Comment 4 Jason Vas Dias 2006-05-31 19:15:24 UTC
OK, I'll surrender to popular opinion here - the tog-pegasus libraries are now
back at mode 0755, in tog-pegasus-2.5.1-5.FC5 / tog-pegasus-2.5.1-6.FC6 .
Releasing tog-pegasus-2.5.1-5.FC5 to updates/testing today.


Comment 5 Avi Kivity 2006-06-01 10:13:11 UTC
Thanks. tog-pegasus-2.5.1-5.FC5 works as expected.
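
Because a package update resets file modes (the point made in Comment 3), the state of the installed files can be checked after each update. The script below is an added example, not part of the original report or of the tog-pegasus package: it reads a file list such as the output of `rpm -ql tog-pegasus | grep /usr/lib` and reports every path lacking the bits that `chmod a+rX` would grant. It assumes GNU `stat`; the function name `audit_world_access` and the `--stdin` flag are made up for this example.

```shell
#!/bin/sh
# Added example (not from the bug report): list paths that "other" users
# cannot read or traverse/execute, i.e. the bits `chmod a+rX` would add.
# Assumes GNU stat (`stat -c`), as shipped on Fedora.

# Reads one path per line on stdin; prints "<mode> <path> missing:<bits>".
audit_world_access() {
    while IFS= read -r f; do
        # Skip symlinks (their own mode is irrelevant) and absent paths.
        if [ -L "$f" ] || [ ! -e "$f" ]; then
            continue
        fi
        mode=$(stat -c '%a' -- "$f") || continue
        perm=$((0$mode))            # leading 0: parse the mode as octal
        missing=""
        if [ $((perm & 4)) -eq 0 ]; then
            missing="r"
        fi
        # Like chmod's X: expect o+x only on directories and on files
        # that are already executable by someone.
        if [ -d "$f" ] || [ $((perm & 0111)) -ne 0 ]; then
            if [ $((perm & 1)) -eq 0 ]; then
                missing="${missing}x"
            fi
        fi
        if [ -n "$missing" ]; then
            printf '%s %s missing:%s\n' "$mode" "$f" "$missing"
        fi
    done
}

# Hypothetical --stdin flag:
#   rpm -ql tog-pegasus | grep /usr/lib | sh audit.sh --stdin
if [ "${1:-}" = "--stdin" ]; then
    audit_world_access
fi
```

Empty output means every listed path is readable by all users and, where applicable, executable or traversable by them.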

