FS#12484 - XBill wrong permissions
Attached to Project:
Arch Linux
Opened by Cristian C. (ckristi) - Wednesday, 17 December 2008, 05:55 GMT
Last edited by Eric Belanger (Snowman) - Sunday, 11 January 2009, 17:40 GMT
Opened by Cristian C. (ckristi) - Wednesday, 17 December 2008, 05:55 GMT
Last edited by Eric Belanger (Snowman) - Sunday, 11 January 2009, 17:40 GMT
|
Details
Description:
XBill has wrong permissions (as far as I read well in the PKGBUILD. Additional info: Watching the diff from the last PKGBUILD I saw this: # set appropriate permissions and destinations 29 chown root:games $pkgdir/usr/bin/xbill 30 chmod 4755 $pkgdir/usr/bin/xbill Well... you just set the xbill setuid root, not setgid games as I think you wanted, too. This can be an important security problem. The correct chmod line would be chmod 2755 $pkgdir/usr/bin/xbill Steps to reproduce: Well... I guess you just have to install the testing package and wait for the worst. :) |
This task depends upon
ls -l /usr/bin/xbill
When using chmod 2755, it doesn't work:
$ xbill
Starting /usr/bin/xbill-bin with uid = 1000, gid = 100
Gtk-WARNING **: This process is currently running setuid or setgid.
This is not a supported use of GTK+. You must create a helper
program instead. For further details, see:
http://www.gtk.org/setuid.html
Refusing to initialize GTK+.
Not only it doesn't start but it tries to run xbill-bin with the incorrect gid (100 is for users).
When using chmod 4755 :
$ xbill
Starting /usr/bin/xbill-bin with uid = 1000, gid = 50
I starts successfully with the correct gid for games.
It might be a security problem. I'll look into it.
chmod 4750 usr/bin/xbill
That is more restrictive as you need to be either root or in the games group to run it. That might be more secure.
Douglas: I added you as an assignee so you'll be informed. I'll take care of it.
From what I found by simple debugging, it seems that the error is triggered in the Bill_load_pix() function. The bock of code in question:
for (i = 0; i < ACELS; i++)
UI_load_picture_indexed("billA", i, 1, &acels[i]);
The UI_load_picture_indexed function is called a few times before without any problems and I can't see why it would fail at that point.
Can we close this bug, or we still have to left it open ? The original bug (sec problems with permission) is fixed. So, for another bug, another entry.