Can anyone explain to my why libXcomp calls setgid/setuid in Pipe.cpp:Popen() after calling fork()? It also isn't checking the results of the call, but I'm really not sure why the calls are there in the first place.
switch (pid = Fork()) { ... case 0: { // // Child. //
setgid(getgid());
setuid(getuid());Nothing is running as a setuid/setgid process is it?
-- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com
Hey,
this is a bit of guesswork, but,
- getgit get the _real_ real gid
- setgit sets the _effective_ gid Thus you reset the effective s/gid.
Morty
Am 11.07.2013 20:45, Orion Poplawski schrieb:
Can anyone explain to my why libXcomp calls setgid/setuid in Pipe.cpp:Popen() after calling fork()? It also isn't checking the results of the call, but I'm really not sure why the calls are there in the first place.
switch (pid = Fork()) { ... case 0: { // // Child. //
setgid(getgid()); setuid(getuid());Nothing is running as a setuid/setgid process is it?
But why does it need to call this? Isn't everything running as the user already?
On 07/14/2013 03:33 AM, Moritz Strübe wrote:
Hey,
this is a bit of guesswork, but,
- getgit get the _real_ real gid
- setgit sets the _effective_ gid Thus you reset the effective s/gid.
Morty
Am 11.07.2013 20:45, Orion Poplawski schrieb:
Can anyone explain to my why libXcomp calls setgid/setuid in Pipe.cpp:Popen() after calling fork()? It also isn't checking the results of the call, but I'm really not sure why the calls are there in the first place.
switch (pid = Fork()) { ... case 0: { // // Child. //
setgid(getgid()); setuid(getuid());Nothing is running as a setuid/setgid process is it?
X2Go-Dev mailing list X2Go-Dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
-- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com
Hi Orion,
On Do 25 Jul 2013 22:30:52 CEST Orion Poplawski wrote:
On 07/14/2013 03:33 AM, Moritz Strübe wrote:
Hey,
this is a bit of guesswork, but,
- getgit get the _real_ real gid
- setgit sets the _effective_ gid Thus you reset the effective s/gid.
Morty
But why does it need to call this? Isn't everything running as the
user already?
Everything in NX runs under the user who launches the X2Go session.
IMHO resetting the effective GID prevents us from setgid file
permission manipulations, so that the effective group ID always is the
primary/real group ID of the current user that is executing the NX
binary.
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
On 07/25/2013 02:54 PM, Mike Gabriel wrote:
Hi Orion,
On Do 25 Jul 2013 22:30:52 CEST Orion Poplawski wrote:
On 07/14/2013 03:33 AM, Moritz Strübe wrote:
Hey,
this is a bit of guesswork, but,
- getgit get the _real_ real gid
- setgit sets the _effective_ gid Thus you reset the effective s/gid.
Morty
But why does it need to call this? Isn't everything running as the user already?
Everything in NX runs under the user who launches the X2Go session. IMHO resetting the effective GID prevents us from setgid file permission manipulations, so that the effective group ID always is the primary/real group ID of the current user that is executing the NX binary.
Greets, Mike
Some more info:
This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem.
Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observ...
-- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com
Hi Orion,
On Do 29 Aug 2013 01:14:39 CEST Orion Poplawski wrote:
On 07/25/2013 02:54 PM, Mike Gabriel wrote:
Hi Orion,
On Do 25 Jul 2013 22:30:52 CEST Orion Poplawski wrote:
On 07/14/2013 03:33 AM, Moritz Strübe wrote:
Hey,
this is a bit of guesswork, but,
- getgit get the _real_ real gid
- setgit sets the _effective_ gid Thus you reset the effective s/gid.
Morty
But why does it need to call this? Isn't everything running as the user already?
Everything in NX runs under the user who launches the X2Go session. IMHO resetting the effective GID prevents us from setgid file permission manipulations, so that the effective group ID always is the
primary/real group ID of the current user that is executing the NX binary.Greets, Mike
Some more info:
This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all
groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem.Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observ...
I just looked at the code again. The order (setgid, then setuid) is ok
in the NX code. Will you work on the setgroups/initgroups thing?
We at least need a bug report against nx-libs. Can you please file
that against X2Go BTS?
Thanks, Mike
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
On 08/29/2013 01:44 AM, Mike Gabriel wrote:
Hi Orion,
On Do 29 Aug 2013 01:14:39 CEST Orion Poplawski wrote:
On 07/25/2013 02:54 PM, Mike Gabriel wrote:
Hi Orion,
On Do 25 Jul 2013 22:30:52 CEST Orion Poplawski wrote:
On 07/14/2013 03:33 AM, Moritz Strübe wrote:
Hey,
this is a bit of guesswork, but,
- getgit get the _real_ real gid
- setgit sets the _effective_ gid Thus you reset the effective s/gid.
Morty
But why does it need to call this? Isn't everything running as the user already?
Everything in NX runs under the user who launches the X2Go session. IMHO resetting the effective GID prevents us from setgid file permission manipulations, so that the effective group ID always is the primary/real group ID of the current user that is executing the NX binary.
Greets, Mike
Some more info:
This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem.
Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observ...
I just looked at the code again. The order (setgid, then setuid) is ok in the NX code. Will you work on the setgroups/initgroups thing?
We at least need a bug report against nx-libs. Can you please file that against X2Go BTS?
Done
-- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com
-
Mike Gabriel -
Moritz Strübe -
Orion Poplawski