Bug 81524 - [PATCH] NUT runs as 'nobody' - requires 'nobody' be given privs
Summary: [PATCH] NUT runs as 'nobody' - requires 'nobody' be given privs
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: nut   
(Show other bugs)
Version: 1.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ngo Than
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-01-10 03:34 UTC by Andrew Bartlett
Modified: 2007-04-18 16:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-02-11 22:54:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to correct these issues (2.30 KB, patch)
2003-01-10 04:03 UTC, Andrew Bartlett
no flags Details | Diff

Description Andrew Bartlett 2003-01-10 03:34:04 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020913

Description of problem:
The NUT UPS tools require that the 'nobody' user - used for various untrusted
servies to prevent breakin - be given privilages.

In pariticular NUT requires thet the serial line be owned or group writeable by
this untrusted user.  

Instead, NUT should be configured to use it's own user (preventing 
a malicious 'nobody' program from killing it etc) and be group 'uucp'
for access to the serial line

(This will allow the UPS to function with just config file setup, not
changes to /dev)



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install NUT
2. Configure
3. Attempt to start
    

Actual Results:  NUT reqesting that an unprivaged user, used by programs that
want to
give up privilages, be given privages that would allow (say) a mallilous poweroff

Expected Results:  NUT to function with existing permissions

Additional info:

Once I fixed the spec file (as per patch) it works quite well.

Patch also corrects an issue at shutdown - the OPTIONS is not used.

Comment 1 Andrew Bartlett 2003-01-10 04:03:48 UTC
Created attachment 89278 [details]
Patch to correct these issues

This patch corrects the issues mentioned in this bug.

The patch is slightly munged - I removed the uid number for the 'ups' user.  
Please replace ??? with a validly allocated UID.

Andrew Bartlett

Comment 2 Ngo Than 2003-02-11 22:54:42 UTC
1.2.0-5 has this fix. Thanks for your infos.

bbrock: could you please test it again, if it's really fixed. I don't have
hardware for testing. Thanks


Note You need to log in before you can comment on or make changes to this bug.