NetBSD Problem Report #44233

From www@NetBSD.org  Wed Dec 15 10:45:50 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 985D663B886
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 15 Dec 2010 10:45:50 +0000 (UTC)
Message-Id: <20101215104550.717C163B883@www.NetBSD.org>
Date: Wed, 15 Dec 2010 10:45:50 +0000 (UTC)
From: joern.clausen@uni-bielefeld.de
Reply-To: joernc@gmail.com
To: gnats-bugs@NetBSD.org
Subject: don't set setuid-bit when installing as unprivileged user
X-Send-Pr-Version: www-1.0

>Number:         44233
>Category:       pkg
>Synopsis:       don't set setuid-bit when installing as unprivileged user
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 15 10:50:00 +0000 2010
>Last-Modified:  Tue Jan 29 06:46:32 +0000 2019
>Originator:     Jörn Clausen
>Release:        
>Organization:
University of Bielefeld
>Environment:
>Description:
Some packages install binaries with the setuid-bit set. The assumption is probably, that root will install them. When doing an unprivileged install, these binaries are still installed setuid, but are owned by the unprivileged user:

$ find /usr/pkgsrc/current/libexec/ -perm -4000 | xargs ls -l
-r-s--x--x   1 pkgsrc   software  261636 Jun 16  2009 /usr/pkgsrc/current/libexec/dbus-daemon-launch-helper
-r-sr-xr--   1 pkgsrc   software    8816 Jun 17  2009 /usr/pkgsrc/current/libexec/polkit-grant-helper-pam
-r-sr-xr-x   1 pkgsrc   software    7416 Jun 17  2009 /usr/pkgsrc/current/libexec/polkit-resolve-exe-helper
-r-sr-xr-x   1 pkgsrc   software   17752 Jun 17  2009 /usr/pkgsrc/current/libexec/polkit-set-default-helper
-rws--x--x   1 pkgsrc   software  163236 Dec 10 13:39 /usr/pkgsrc/current/libexec/ssh-keysign

I think in the case of an unprivileged install, the s-bit should not be set at all. In most environments, a mechanism to suppress the s-bit (e.g. mount options) will be employed anyways. But in case such a mechanism is not used, executing the binary as the real user instead of the unprivileged pkgsrc installer is probably the better solution.
>How-To-Repeat:

>Fix:

>Release-Note:

>Audit-Trail:

>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.