Bug 611009 - BackupPC uses perl-suidperl
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: BackupPC
Version: 14
Hardware: All Linux
Priority: low
Severity: high
Assigned To: Johan Cwiklinski
QA Contact: Fedora Extras Quality Assurance
Blocks: 620623

Reported: 2010-07-03 01:12 EDT by Ralf Corsepius
Modified: 2010-08-04 12:41 EDT
Fixed In Version: BackupPC-3.1.0-15.fc14
Doc Type: Bug Fix
Last Closed: 2010-08-02 22:20:03 EDT
Description Ralf Corsepius 2010-07-03 01:12:38 EDT
Description of problem:
The release of perl in rawhide does not support perl-suidperl.

BackupPC is the last remaining package which requires perl-suidperl.
It therefore shows up as a package with broken deps in rawhide package deps reports, e.g.
http://lists.fedoraproject.org/pipermail/devel/2010-July/138206.html

I.e. this package is not installable under rawhide.


Version-Release number of selected component (if applicable):
BackupPC-0:3.1.0-14.fc14

Additional info:
This package will have to be removed from Fedora >=14, should this issue not be resolved.
Comment 1 Iain Arnell 2010-07-03 02:24:49 EDT
One simple option would be to create a C wrapper for the BackupPC_Admin script and make that setuid instead of the script itself.

See http://perldoc.perl.org/perlsec.html#Security-Bugs for more details.
Comment 3 Iain Arnell 2010-07-03 05:04:15 EDT
There's also a debian bug about the same issue, but little progress.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581950

Using a C wrapper is really quite simple. Move the existing BackupPC_Admin script to BackupPC_Admin.pl, compile the wrapper and install as /usr/share/BackupPC/sbin/BackupPC_Admin with permissions 4755.

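#include <stdio.h>
#include <unistd.h>

/* Absolute path of the real Perl script; override with -DREAL_PATH=... */
#ifndef REAL_PATH
#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl"
#endif

int main(int argc, char **argv)
{
    (void)argc;
    /* Replace this setuid process with the script, passing arguments through. */
    execv(REAL_PATH, argv);
    /* execv() returns only on failure. */
    perror("execv " REAL_PATH);
    return 1;
}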
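
A more defensive variant of the wrapper from Comment 3, added here as an example (it is not part of the bug report or of the BackupPC package): instead of handing the caller's whole environment to the script, it passes only an allow-listed set of CGI variables plus a fixed PATH. The allow-list, the PATH value and the function names env_allowed and filter_env are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef REAL_PATH
#define REAL_PATH "/usr/share/BackupPC/sbin/BackupPC_Admin.pl"
#endif
#define MAX_ENV 64

extern char **environ;

/* Assumed allow-list of CGI request variables; every other name is dropped. */
static const char *const allowed[] = {
    "REQUEST_METHOD", "QUERY_STRING", "CONTENT_LENGTH", "CONTENT_TYPE",
    "REMOTE_USER", "REMOTE_ADDR", "SCRIPT_NAME", "SERVER_NAME",
    "SERVER_PORT", "HTTP_COOKIE", "HTTP_HOST", NULL
};

/* Return 1 if a "NAME=value" entry carries an allow-listed NAME. */
int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t n = eq ? (size_t)(eq - entry) : 0;
    for (size_t i = 0; n > 0 && allowed[i] != NULL; i++)
        if (strlen(allowed[i]) == n && strncmp(entry, allowed[i], n) == 0)
            return 1;
    return 0;
}

/* Fill out with a fixed PATH (assumed value) plus allow-listed entries. */
size_t filter_env(char **in, char **out, size_t cap)
{
    size_t k = 0;
    out[k++] = "PATH=/usr/bin:/bin";
    for (; in != NULL && *in != NULL && k + 1 < cap; in++)
        if (env_allowed(*in))
            out[k++] = *in;
    out[k] = NULL;
    return k;
}

int main(int argc, char **argv)
{
    char *clean[MAX_ENV];
    filter_env(environ, clean, MAX_ENV);
    execve(REAL_PATH, argv, clean);   /* euid of the setuid binary is kept */
    perror("execve");                 /* reached only if the exec failed */
    return 1;
}
```
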
Comment 4 Johan Cwiklinski 2010-07-03 05:21:05 EDT
Thanks for the tip, Iain :)

I will probably use that to fix the current issue (I really do not want to see BackupPC disappear from repositories).

I won't have time for that until next week (I'm very overbooked this week); I hope to have some advice from upstream by then.
Comment 5 Johan Cwiklinski 2010-07-03 16:34:55 EDT
Someone on the BackupPC users mailing list told me I can use the Apache suid mechanism (http://sourceforge.net/mailarchive/forum.php?thread_name=4C2F62D4.3010702%40gmail.com&forum_name=backuppc-users).

What do you think about this solution?
Comment 6 Iain Arnell 2010-07-04 02:39:47 EDT
Unfortunately, I don't think you'll be able to use Apache's suexec mechanism. It's configured at compile time to only execute programs that live under /var/www (and the packaging guidelines forbid packages from installing anything under /var/www), and to only execute programs as a user with uid >= 500 and gid >= 100.
Comment 7 Bug Zapper 2010-07-30 08:25:02 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 Fedora Update System 2010-07-31 16:44:59 EDT
BackupPC-3.1.0-15.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/BackupPC-3.1.0-15.fc14
Comment 9 Fedora Update System 2010-08-01 15:27:38 EDT
BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update BackupPC'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/BackupPC-3.1.0-15.fc14
Comment 10 Fedora Update System 2010-08-02 22:19:59 EDT
BackupPC-3.1.0-15.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
