Red Hat Bugzilla – Bug 193121
pegasus files lost world-read and world-execute permissions (regression)
Last modified: 2007-11-30 17:11:33 EST
Description of problem:
The latest release of tog-pegasus has all files installed world-unreadable and
world-unexecutable. This means it is impossible for a user to link against
pegasus libraries, or to run pegasus executables.
This is a regression from the release provided in base.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. try to link against tog-pegasus libraries
Removing the world-readable and world-executable permissions cannot be explained in terms
of security, as users can download the source rpm, and build it so it runs in
their home directories (or play LD_LIBRARY_PATH games with files extracted
from the binary rpm).
Reducing access permissions only makes sense for configuration files.

Only members of the 'pegasus' group or root can connect with the cimserver.
This extra security was added because the cimserver process runs with root
privilege, and can return information to non-root callers that only the
root user would otherwise be allowed to see - for instance, the list of
ALL running processes. Since all the pegasus libraries are used for
communicating with the cimserver, they also should be readable + executable
only by root or members of the pegasus group, and the root user sysadmin must
make a conscious choice to allow users to talk to the cimserver or use
the pegasus libraries by granting them membership of the pegasus group.
Making the access change to the libraries means that the cimserver does not
have to deny unprivileged users access to itself, and unprivileged users
cannot tie up the cimserver with denials (making a DoS attack).
Sorry, but this is the way the pegasus libraries will be installed in the Red
Hat tog-pegasus releases, for security reasons - if you don't like it, you can
always change the permissions of the libraries yourself:
# rpm -ql tog-pegasus | grep /usr/lib | while read -r f; do chmod a+rX "$f"; done

As I pointed out, this has zero effect on security, as users can install the
libraries in their home directories and use them (or connect to the socket
directly through the TCP ports, using telnet or some other client in a loop).
On the other hand, it does affect usability, since now developers cannot link
against the libraries.
No other package uses permissions on freely-available executables as a means
to limit access.
Please reconsider. You're not improving security but instead you are making
life needlessly harder.
Oh, and changing permissions is not a very good workaround as the next update
will overwrite them.

OK, I'll surrender to popular opinion here - the tog-pegasus libraries are now
back at mode 0755, in tog-pegasus-2.5.1-5.FC5 / tog-pegasus-2.5.1-6.FC6 .
Releasing tog-pegasus-2.5.1-5.FC5 to updates/testing today.

Thanks. tog-pegasus-2.5.1-5.FC5 works as expected.
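
Added example, not part of the original bug thread: a check that reports which packaged files under /usr/lib the `chmod a+rX` workaround quoted above would have to open up, so the regression can be caught after each update. The file names in the sample listing are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report. File names below are constructed.
# Input lines look like "<perms> <path>", for instance from:
#   rpm -q --qf '[%{FILEMODES:perms} %{FILENAMES}\n]' tog-pegasus

# Constructed sample listing (not real tog-pegasus package contents).
sample_listing() {
    cat <<'EOF'
-rwxr-x--- /usr/lib/libexample-client.so.1
-rwxr-xr-x /usr/lib/libexample-common.so.1
-rw-r----- /usr/lib/Example/data.bin
drwxr-x--- /usr/lib/Example
-rw-r----- /etc/Example/example.conf
EOF
}

# Print "<reason> <perms> <path>" for every entry under /usr/lib or /usr/lib64
# that "other" users cannot read, or cannot execute/traverse where that applies.
flag_restricted() {
    while read -r perms path; do
        case "$path" in
            /usr/lib/*|/usr/lib64/*) ;;   # libraries and their directories
            *) continue ;;                # e.g. config files: out of scope here
        esac
        reason=""
        case "$perms" in
            ???????r*) ;;                 # 8th character: read bit for "other"
            *) reason="no-world-read" ;;
        esac
        # Same rule as chmod's capital X: execute only matters for directories
        # and for files the owner can already execute (x, or s for setuid+x).
        case "$perms" in
            d*|???[xs]*)
                case "$perms" in
                    ?????????[xt]*) ;;    # 10th character: execute bit for "other"
                    *) reason="${reason:+$reason,}no-world-exec" ;;
                esac ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s %s %s\n' "$reason" "$perms" "$path"
        fi
    done
}

sample_listing | flag_restricted
```

An empty result on the real package listing means every library file and directory is readable (and, where relevant, executable) by all users, which is the 0755 state the thread ends on.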