Comment 113 for bug 13795

In , Paul Szabo (psz-maths) wrote : Re: Bug#299007: base-files: Insecure PATH

Bill Allombert <email address hidden> wrote:

>> Group staff is an anachronism: its ownership of /home is "wrong". Its use
>> and usefulness should be reviewed.
>
> An anachronism ? What paradigm shift made it "wrong" ?
>
>> Group staff is said to be useful "for helpdesk types or junior sysadmins",
>> without warnings that it is in fact root-equivalent.
>
> Who said that ?

Quoting from the original bug report:

  The Debian Reference [3] and Securing Debian Manual [4], [5] say

    [group] staff is ... for helpdesk types or junior sysadmins ... to do
    things in /usr/local and to create directories in /home.

    [group] staff: Allows users to add local modifications to the system
    (/usr/local, /home) without needing root privileges.

    The 'staff' group are usually help-desk/junior sysadmins, allowing them
    to work in /usr/local and create directories in /home.

  (This is surely wrong, seems a SysV left-over: you need root privileges to
  chown user directories in /home or in fact to create users in /etc/passwd.)
  ...
  [3] http://www.debian.org/doc/manuals/reference/ch-tune.en.html#s9.2.3
  [4] http://www.debian.org/doc/manuals/securing-debian-howto/ch11.en.html#s11.1.12.1
  [5] http://www.debian.org/doc/manuals/securing-debian-howto/ch11.en.html#s11.1.12.2

Re-wording. Group staff ownership of /home does not seem very useful, as it
only allows directories to be created but not chowned to the user. I guess
that this is a left-over from SysV times when anyone could chown.

The above quoted authoritative Debian references advertise the use of group
staff for semi-trusted users.

>> Use of root-equivalent users and groups may enlarge the attack surface.
>
> There are a lot of them, though.

Noted. All the more enlargement.

>> If commonly used software allows breaching some security features, then
>> the features need to be changed.
>
> No security-conscious person uses NFS in a security sensitive context
> anyway.

Is this hearsay, common knowledge, or documented somewhere?

Please note that NFS was only an example of how root-equivalent things become
an acute issue. (Admittedly my only current example: you rightfully would
not accept past sendmail bugs.)

Cheers,

Paul Szabo <email address hidden> http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia