public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] USE flag "suid" in both use.desc and use.local.desc
@ 2012-12-31  6:44 Walter Dnes
  2012-12-31  8:21 ` [gentoo-dev] " Duncan
  2012-12-31 17:49 ` [gentoo-dev] " Rick "Zero_Chaos" Farina
  0 siblings, 2 replies; 4+ messages in thread
From: Walter Dnes @ 2012-12-31  6:44 UTC
  To: Gentoo Developers

  Moving USE flags from local to global status is frequently discussed
here, so this seems to be the right forum to raise the issue...

[d531][waltdnes][~] grep suid /usr/portage/profiles/use.desc
suid - Enable setuid root program, with potential security risks

[d531][waltdnes][~] grep :suid /usr/portage/profiles/use.local.desc
net-analyzer/nagios-plugins:suid - Give root privileges to the ICMP, DHCP and IDE S.M.A.R.T. check binaries. This allows them to ignore the access controls that would disallow the nagios user from running the check.
net-wireless/kismet:suid - Install a setuid root helper binary with limited functionality; this allows running kismet as a normal user, significantly reducing security risks

  BTW, I would've appreciated a headsup (news item) on Xorg getting the
"suid" USE flag.  I use startx, and I couldn't start X <G>.  Fortunately,
that was on my netbook, and I was able to Google the solution on my
desktop machine... http://en.spontex.org/forum/thread/561/1/  I'm
posting a heads up on the user list.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications



* [gentoo-dev] Re: USE flag "suid" in both use.desc and use.local.desc
  2012-12-31  6:44 [gentoo-dev] USE flag "suid" in both use.desc and use.local.desc Walter Dnes
@ 2012-12-31  8:21 ` Duncan
  2012-12-31 14:47   ` Kevin Chadwick
  2012-12-31 17:49 ` [gentoo-dev] " Rick "Zero_Chaos" Farina
  1 sibling, 1 reply; 4+ messages in thread
From: Duncan @ 2012-12-31  8:21 UTC
  To: gentoo-dev

Walter Dnes posted on Mon, 31 Dec 2012 01:44:25 -0500 as excerpted:

> Moving USE flags from local to global status is frequently discussed
> here, so this seems to be the right forum to raise the issue...
> 
> [d531][waltdnes][~] grep suid /usr/portage/profiles/use.desc
> suid - Enable setuid root program, with potential security risks
> 
> [d531][waltdnes][~] grep :suid /usr/portage/profiles/use.local.desc
> [several package hits]

This is now routine.  Try it with the "bindist" USE flag (and see the 
current thread), for instance.

Promoting a flag to global does mean it gets a global description in 
use.desc, but per package descriptions (as now maintained in the 
per-package metadata.xml files, but there's a tree maintenance script that 
keeps use.local.desc current based on the metadata files, to keep the 
tools using it working) continue to be encouraged where they are useful, 
as they can often provide much more detailed per-package descriptions of 
what the flag actually does in that specific package, than the global 
description can.

>   BTW, I would've appreciated a headsup (news item) on Xorg getting the
> "suid" USE flag.  I use startx, and I couldn't start X <G>. 

OTOH, I followed the gentoo recommendation to do a dry run (emerge 
--pretend or --ask) and actually LOOK at what's changing in terms of USE 
flags, etc, look any of the new ones up I'm not sure on (equery uses 
<pkg> in another terminal works), then if necessary, say "no" to the 
--ask and make USE flag changes, etc, before going ahead with the "live" 
run.

As such, I saw the change (which is even colored differently so it's easy 
to pick out), did a quick equery uses xorg-server in a different window 
to see what was going on, and decided to go ahead.  In my case, I didn't 
have USE=suid set at all in make.conf, so the xorg-server ebuild's 
use-default to ON was in effect, and I didn't have a problem.

(I was curious, however, as I'd been reading about running X as non-root, 
and after seeing that the upgrade did work with the same SUID executable 
it had before, I remerged without SUID to try it out, much faster the 
second time with ccache and since I wasn't doing other builds at the same 
time.  THEN I ran into the problem you did, but that was the only change 
I made and it was deliberate, so I knew the problem and could immediately 
undo it.)

Gentoo isn't a hand-holding distro.  The changes were there to be seen in 
the recommended emerge --pretend or --ask, and adjusted if needed 
beforehand, and you chose not to take advantage of that.  I guess some people 
just have to find out the hard way why such recommendations are there.

Of course, if you prefer a distro that makes such decisions (and takes 
responsibility for them accordingly) for you, there's plenty of distros 
around that offer more of that than gentoo does.  If you don't have the 
time or patience to do the dry-runs and check changes before going through 
with them, perhaps one of those would be more appropriate.  There's no 
shame in deciding that gentoo's simply not an appropriate distro for your 
needs, and choosing one of the others instead.

All that said, more documentation and warning wouldn't have hurt, and the 
news feature was designed for exactly this sort of thing.  Except that 
the package maintainer has to think of it, and I guess they didn't in 
this case.  But it still shouldn't have been a problem as a responsible 
admin had plenty of warning already, via the USE flag change itself.

> Fortunately,
> that was on my netbook, and I was able to Google the solution on my
> desktop machine... http://en.spontex.org/forum/thread/561/1/  I'm
> posting a heads up on the user list.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
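As an added example for this thread (not portage's own code, and not anything the posters wrote), the script below does in one pass what Walter's grep of use.desc/use.local.desc and Duncan's dry-run advice describe by hand: it reads `emerge --pretend --verbose` output, picks out packages where a watched flag such as suid is enabled, marks those whose state changed (the `*` suffix) or that are new to the ebuild (the `%` suffix), and then explains each hit from use.desc and use.local.desc, preferring the per-package text where the package defines one. The emerge output is constructed for the example, and the token conventions (`*`, `%`, a leading `-` for disabled, parentheses for forced or masked flags, other `VAR="..."` groups being USE_EXPAND variables) are assumed from emerge's usual display; the three description lines are the ones quoted in the thread.

```python
"""Audit an emerge dry run for risky USE flags and explain them.

Added example for this thread; not portage code.  Assumes:
  * each package line looks like `[ebuild ...] cat/pkg-ver ... USE="..."`,
    with `*` = changed since last install, `%` = new flag, leading `-` =
    disabled, parentheses = forced/masked;
  * use.desc lines are `flag - text`, use.local.desc lines are
    `cat/pkg:flag - text`, `#` starts a comment.
"""
import re

# Constructed sample of `emerge --pretend --verbose` output (not real).
SAMPLE_EMERGE = """\
These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U  ] x11-base/xorg-server-1.13.1 [1.12.4] USE="ipv6 nptl suid%* udev xorg -dmx -doc -kdrive -minimal (-selinux) -static-libs -tcpd" 0 kB
[ebuild   R    ] net-wireless/kismet-2011.03.2 USE="pcre ruby suid* -client -drone -speech" 0 kB
[ebuild  N     ] net-analyzer/nagios-plugins-1.4.16 USE="-ipv6 -ldap -ssl -suid" 0 kB
"""

# Description files in use.desc / use.local.desc format; the entries are
# the ones quoted in the thread.
USE_DESC = """\
# Global USE flags
suid - Enable setuid root program, with potential security risks
"""
USE_LOCAL_DESC = """\
# Per-package USE flags, generated from metadata.xml
net-analyzer/nagios-plugins:suid - Give root privileges to the ICMP, DHCP and IDE S.M.A.R.T. check binaries. This allows them to ignore the access controls that would disallow the nagios user from running the check.
net-wireless/kismet:suid - Install a setuid root helper binary with limited functionality; this allows running kismet as a normal user, significantly reducing security risks
"""

PKG_LINE = re.compile(r'^\[ebuild[^\]]*\]\s+(?P<atom>\S+)(?P<rest>.*)$')
USE_GROUP = re.compile(r'\b(?P<var>[A-Z_]+)="(?P<flags>[^"]*)"')
ATOM_VER = re.compile(r'^(?P<pkg>.+?)-\d[^/]*$')   # split cat/pkg from -ver


def parse_dry_run(text):
    """Yield (cat/pkg, var, flag, enabled, marked) for every flag token.

    `marked` is True when emerge flagged the token as changed (*) or new (%).
    """
    for line in text.splitlines():
        m = PKG_LINE.match(line)
        if not m:
            continue
        vm = ATOM_VER.match(m.group('atom'))
        pkg = vm.group('pkg') if vm else m.group('atom')
        for g in USE_GROUP.finditer(m.group('rest')):
            for tok in g.group('flags').split():
                tok = tok.strip('(){}')          # forced/masked decoration
                core = tok.rstrip('*%')          # changed/new decoration
                if not core:
                    continue
                marked = tok.endswith('*') or '%' in tok
                yield (pkg, g.group('var'), core.lstrip('-'),
                       not core.startswith('-'), marked)


def risky_flags(text, watch=frozenset({'suid'})):
    """Watched USE flags that end up enabled, with whether emerge marked them."""
    return [(pkg, flag, marked)
            for pkg, var, flag, enabled, marked in parse_dry_run(text)
            if var == 'USE' and flag in watch and enabled]


def load_desc(text):
    """Map 'flag' (use.desc) or 'cat/pkg:flag' (use.local.desc) to its text."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        key, sep, desc = line.partition(' - ')
        if sep:
            out[key] = desc
    return out


def describe(pkg, flag, use_desc=USE_DESC, use_local_desc=USE_LOCAL_DESC):
    """(global description, package-local description or None)."""
    return (load_desc(use_desc).get(flag),
            load_desc(use_local_desc).get('%s:%s' % (pkg, flag)))


def audit(text=SAMPLE_EMERGE, watch=frozenset({'suid'})):
    """One report line per watched flag that is, or becomes, enabled."""
    report = []
    for pkg, flag, marked in risky_flags(text, watch):
        glob, local = describe(pkg, flag)
        report.append('%s %s %s: %s' % (
            'CHANGED' if marked else 'already', pkg, flag, local or glob))
    return report


if __name__ == '__main__':
    for line in audit():
        print(line)
```

Run against the sample it reports xorg-server and kismet as newly gaining suid, while nagios-plugins is skipped because its suid flag is off; xorg-server falls back to the global text because no per-package entry exists for it, which is exactly the layering the thread is about. On a real box, feed it `emerge -pv @world 2>&1` and the two description files from your tree instead of the embedded strings.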




* Re: [gentoo-dev] Re: USE flag "suid" in both use.desc and use.local.desc
  2012-12-31  8:21 ` [gentoo-dev] " Duncan
@ 2012-12-31 14:47   ` Kevin Chadwick
  0 siblings, 0 replies; 4+ messages in thread
From: Kevin Chadwick @ 2012-12-31 14:47 UTC
  To: gentoo-dev

On Mon, 31 Dec 2012 08:21:10 +0000 (UTC)
Duncan <1i5t5.duncan@cox.net> wrote:

> I was curious, however, as I'd been reading about running X as
> non-root, 

I use some hackery to run startx on some systems as a normal user on
linux and without suid. The only important things to me that break on
these systems is hotplugging mice etc. and which could be quite easily
fixed if it was worth the time. I've found a log out triggering a
relaunch good enough with 0 complaints for now.

You might be interested that the default on OpenBSD is for X to run as
the X11 user and xdm to run as root and involves no hackery or issues
but still some root privileges.



* Re: [gentoo-dev] USE flag "suid" in both use.desc and use.local.desc
  2012-12-31  6:44 [gentoo-dev] USE flag "suid" in both use.desc and use.local.desc Walter Dnes
  2012-12-31  8:21 ` [gentoo-dev] " Duncan
@ 2012-12-31 17:49 ` Rick "Zero_Chaos" Farina
  1 sibling, 0 replies; 4+ messages in thread
From: Rick "Zero_Chaos" Farina @ 2012-12-31 17:49 UTC
  To: gentoo-dev


On 12/31/2012 01:44 AM, Walter Dnes wrote:
>   Moving USE flags from local to global status is frequently discussed
> here, so this seems to be the right forum to raise the issue...
> 
> [d531][waltdnes][~] grep suid /usr/portage/profiles/use.desc
> suid - Enable setuid root program, with potential security risks
> 
> [d531][waltdnes][~] grep :suid /usr/portage/profiles/use.local.desc
> net-analyzer/nagios-plugins:suid - Give root privileges to the ICMP, DHCP and IDE S.M.A.R.T. check binaries. This allows them to ignore the access controls that would disallow the nagios user from running the check.
> net-wireless/kismet:suid - Install a setuid root helper binary with limited functionality; this allows running kismet as a normal user, significantly reducing security risks
> 
Just because it's a global use flag doesn't mean you cannot redefine it
locally to more specifically define the use case in a particular
package.  That's clearly what is done for kismet here, I have no desire
to undefine it and make what happens less clear.

-Zero

>   BTW, I would've appreciated a headsup (news item) on Xorg getting the
> "suid" USE flag.  I use startx, and I couldn't start X <G>.  Fortunately,
> that was on my netbook, and I was able to Google the solution on my
> desktop machine... http://en.spontex.org/forum/thread/561/1/  I'm
> posting a heads up on the user list.
> 



