Bug 2654 - /usr/bin/disable-paste does not need to be suid root!(?)
/usr/bin/disable-paste does not need to be suid root!(?)
Status: CLOSED NEXTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: gpm (Show other bugs)
6.0
i386 Linux
low Severity medium
: ---
: ---
Assigned To: David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-05-08 08:41 EDT by Chris Evans
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-06-02 07:34:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Evans 1999-05-08 08:41:55 EDT
Look at /usr/bin/disable-paste. It is suid-root.

Brief testing showed that its functionality works fine if it
is _not_ suid root.

The risk is that the user can pass arbitrary environment
variables, etc. to the GPM program. disable-paste is just a
wrapper which calls gpm.
Comment 1 Dale Lovelace 1999-05-27 14:11:59 EDT
/usr/bin/disable-paste is suid root. The gpm Makefile contains this
line:

$(INSTALL_PROGRAM) -o root -m 4755 disable-paste \
$(bindir)/disable-paste

  So apparently the gpm people think it should be suid-root. I have
emailed Ian Zimmerman <itz@rahul.net> who is mentioned in the Makefile
about this. I will update this bug when I hear back from him.

  I chmod'ed /usr/bin/disable-paste 755 and I had no problems copy and
pasting among vc's etc.

  This is the entire disable-paste.c

#include <unistd.h>             /* execv */

static char* argv[] = {
  "gpm",
  "-A",
  "-q",
  0
};

int
main()

  execv(SBINDIR "/gpm", argv);
  exit(127);
Comment 2 Dale Lovelace 1999-05-28 09:07:59 EDT
Email from Ian Zimmerman <itz@transbay.net> (maintainer of gpm):

>   I am looking at /usr/bin/disable-paste in the gpm package which is
>   suid root. I am wondering what the need of setting this file suid
>   root is. Brief testing has shown no ill consequences from changing
>   this file to 755.

disable-paste has to be suid root because it exec's gpm with the -k
argument.  If run as a normal user, it won't crash and burn, but it
won't do anything else either (in particular, it won't do its job
which is to disable any existing kernel selection buffer until a new
selection is made).

--
Ian Zimmerman                         <itz@transbay.net>
Electing a quail for President might cause wierd affects,
such as school principles refusing to eat baked potatoe.
Comment 3 Chris Evans 1999-05-30 17:04:59 EDT
Sorry to reopen, but -- wrong.
Do this:

chmod -s `which disable-paste`

Now, as a non-root user, select some stuff in the console.
Now run the unprivileged disable-paste. And hey presto, the kernel
console paste buffer has been cleared. This proves that suid-root
privs are not required

So please verify this finding and remove the suid bit in Rawhide.

Remember, disable-paste execs "gpm" as root, which inherits arbitrary
user environment variables, etc, so the risk is beyond the 10 lines of
code or so in "disable-paste" itself.
Comment 4 Jeff Johnson 1999-06-02 07:34:59 EDT
Fixed (by removing setuid) in gpm-1.17.5-5. Thanks for persisting.

Note You need to log in before you can comment on or make changes to this bug.