Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 905027

Summary: uuidd: /usr/sbin/uuidd has incorrect file permissions
Product: Red Hat Enterprise Linux 5 Reporter: Florian Weimer <fweimer>
Component: e2fsprogsAssignee: Eric Sandeen <esandeen>
Status: CLOSED ERRATA QA Contact: dhe
Severity: low Docs Contact:
Priority: low    
Version: 5.9CC: eguan, lmiksik, sct
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: e2fsprogs-1.39-37.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 905008 Environment:
Last Closed: 2014-09-16 00:24:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 905008    
Bug Blocks: 1049888    

Description Florian Weimer 2013-01-28 12:10:22 UTC 
+++ This bug was initially created as a clone of Bug #905008 +++

Description of problem:

The file /usr/sbin/uuidd should be owned by root.root:

-rwxr-xr-x. 1 uuidd uuidd 28464 Dec  3 18:54 /usr/sbin/uuidd


Version-Release number of selected component (if applicable):

uuidd-1.39-35.el5.x86_64

How reproducible:

Always.

Steps to Reproduce:
1. ls -l /usr/sbin/uuidd
  
Actual results:

File is owned by uuidd.uuidd.

Expected results:

File is owned by root.root.

Additional info:

The init script drops permissions before calling the binary file, so there is no privilege escalation uuidd -> root.
Comment 1 Eric Sandeen 2013-01-28 20:38:10 UTC 
Dumb question perhaps, but can you explain why this is a *bug* ?  Is there some actual problem here, other than proliferation of UIDs?  I don't know for sure that dropping a UID is something we can do in RHEL6 at this point, is there some policy?
Comment 2 Florian Weimer 2013-01-29 08:57:10 UTC 
I think this is a bug because /usr/sbin is on root's path, and the program might be executed directly by root.  As the binary is writable by the uuidd user and thus could have been modified, this might allow the uuidd user to gain root privileges.

The separate account is harmless, and it allows the daemon to run with reduced privileges.  I don't think we can safely remove UIDs because we'd have to scan the entire file system for remaining uses, which is impractical.  Without that, the UID might get reused in the passwd database, potentially causing a security leak.
Comment 5 RHEL Program Management 2013-05-01 07:21:06 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 9 errata-xmlrpc 2014-09-16 00:24:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1222.html