* [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?
From: Erik Hahn @ 2008-10-05 12:01 UTC
To: gentoo-user
I'm using start-stop-daemon for making sure rc.wmii runs only once (If
you don't know wmii's way of handling configs: it doesn't matter).
Although I run it as user, it sets USER=root and HOME=/root. Is this
behaviour expected or should I file a bug?
-Erik
--
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR
* Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?
From: Jil Larner @ 2008-10-05 18:54 UTC
To: gentoo-user
Hi,
You may wish to specify the --user parameter. As this tool is for system
daemons (therefore located in /sbin), it seems obvious it starts daemons
as root by default. I checked on my system and I don't have a setuid bit
on this program, nor does it start any program when my wheel user
executes the command. I've no error code, but no process is spawned.
If your non root user escalates privileges and is able to spawn a root
process, *and* there is no setuid bit on /sbin/start-stop-daemon, you
may file a bug, if you have a procedure to reproduce it ;) Honestly, as
it is a quite old Debian tool, I don't think it's buggy ;)
Sincerely,
Jil
Erik Hahn wrote:
> I'm using start-stop-daemon for making sure rc.wmii runs only once (If
> you don't know wmii's way of handling configs: it doesn't matter).
> Although I run it as user, it sets USER=root and HOME=/root. Is this
> behaviour expected or should I file a bug?
>
> -Erik
* Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?
From: Erik Hahn @ 2008-10-05 21:01 UTC
To: gentoo-user
On Sun, Oct 05, 2008 at 08:54:25PM +0200, Jil Larner wrote:
> You may wish to specify the --user parameter. As this tool is for system
> daemons (therefore located in /sbin), it seems obvious it starts daemons
> as root by default. I checked on my system and I don't have a setuid bit
> on this program, nor does it start any program when my wheel user
> executes the command. I've no error code, but no process is spawned.
It doesn't run the command as root but as normal user (it isn't setuid
either). All it does is set the *variables* $USER and $HOME to the
wrong values.
> If your non root user escalates privileges and is able to spawn a root
> process, *and* there is no setuid bit on /sbin/start-stop-daemon, you
> may file a bug, if you have a procedure to reproduce it ;) Honestly, as
> it is a quite old Debian tool, I don't think it's buggy ;)
This implementation is not by Debian:
> This is a complete re-implementation with the process finding code in
> the OpenRC library (librc, -lrc) so other programs can make use of it.
-Erik
--
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR
* Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?
From: Jil Larner @ 2008-10-06 6:41 UTC
To: gentoo-user
Hi,
Erik Hahn wrote:
> It doesn't run the command as root but as normal user (it isn't setuid
> either). All it does is set the *variables* $USER and $HOME to the
> wrong values.
>
Oh, I read too quickly :x And by the way didn't give the right command
switches, which are --chuid, --user and --env. These should give you the
result you wish. Should the program automatically set correct home and
user? I'd say this could be great, so you may report it as a bug or,
more probably, as a feature request.
> This implementation is not by Debian:
>
>> This is a complete re-implementation with the process finding code in
>> the OpenRC library (librc, -lrc) so other programs can make use of it.
I didn't know. Where did you find this?
Thanks,
Jil
* Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?
From: Erik Hahn @ 2008-10-06 11:43 UTC
To: gentoo-user
On Mon, Oct 06, 2008 at 08:41:58AM +0200, Jil Larner wrote:
> Hi,
>
> Erik Hahn wrote:
> > It doesn't run the command as root but as normal user (it isn't setuid
> > either). All it does is set the *variables* $USER and $HOME to the
> > wrong values.
> >
> Oh, I read too quickly :x And by the way didn't give the right command
> switches, which are --chuid, --user and --env. These should give you the
> result you wish. Should the program automatically set correct home and
> user? I'd say this could be great, so you may report it as a bug or,
> more probably, as a feature request.
No, it simply shouldn't change them, there's no reason to do that (to my
knowledge).
> > This implementation is not by Debian:
> >
> >> This is a complete re-implementation with the process finding code in
> >> the OpenRC library (librc, -lrc) so other programs can make use of it.
>
> I didn't know. Where did you find this?
Man page.
-Erik
--
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR
* Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?
From: Daniel Pielmeier @ 2008-10-06 12:27 UTC
To: gentoo-user
2008/10/6 Erik Hahn <erik_hahn@gmx.de>:
> No, it simply shouldn't change them, there's no reason to do that (to my
> knowledge).
If start-stop-daemon is executed by a normal user it should either not
change the user to root or deny the execution if the user is not root.
I think it is a big security issue if a normal user could start
arbitrary daemons with root privileges. So you should file a bug at
bugs.gentoo.org or better a new ticket at
roy.marples.name/projects/openrc/wiki.
I think only root should be able to execute start-stop-daemon and the
user should be changed with the proper command line switches. I
actually don't know if it is --chuid or --user as this has changed
between old baselayout and new openrc.
--
Regards,
Daniel
* Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?
From: Erik Hahn @ 2008-10-06 18:21 UTC
To: gentoo-user
On Mon, Oct 06, 2008 at 02:27:11PM +0200, Daniel Pielmeier wrote:
> 2008/10/6 Erik Hahn <erik_hahn@gmx.de>:
> > No, it simply shouldn't change them, there's no reason to do that (to my
> > knowledge).
>
> I think it is a big security issue if a normal user could start
> arbitrary daemons with root privileges. So you should file a bug at
It doesn't give anyone root privileges, it only sets wrong variables.
> I think only root should be able to execute start-stop-daemon and the
> user should be changed with the proper command line switches. I
> actually don't know if it is --chuid or --user as this has changed
> between old baselayout and new openrc.
Why's that? Running a program with user privileges is no security
problem at all.
-Erik
--
hackerkey://v4sw5hw2ln3pr5ck0ma2u7LwXm4l7Gi2e2t4b7Ken4/7a16s0r1p-5.62/-6.56g5OR
* Re: [gentoo-user] start-stop-daemon sets USER=root - expected behaviour?
From: Daniel Pielmeier @ 2008-10-06 19:09 UTC
To: gentoo-user
Erik Hahn wrote on 06.10.2008 20:21:
> On Mon, Oct 06, 2008 at 02:27:11PM +0200, Daniel Pielmeier wrote:
>> 2008/10/6 Erik Hahn <erik_hahn@gmx.de>:
>>> No, it simply shouldn't change them, there's no reason to do that (to my
>>> knowledge).
>> I think it is a big security issue if a normal user could start
>> arbitrary daemons with root privileges. So you should file a bug at
>
> It doesn't give anyone root privileges, it only sets wrong variables.
>
>> I think only root should be able to execute start-stop-daemon and the
>> user should be changed with the proper command line switches. I
>> actually don't know if it is --chuid or --user as this has changed
>> between old baselayout and new openrc.
>
> Why's that? Running a program with user privileges is no security
> problem at all.
I got the impression the program is started with root privileges when
using start-stop-daemon.
Nevertheless I can reproduce your problem with the wrong variables. I
think it should set the variables appropriate for the user running
start-stop-daemon. So you should file a bug report about that.
Regards,
Daniel
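
A defensive check for the symptom discussed in this thread, as an added example that is not part of any message and not OpenRC code: a script derives its identity from the effective uid and the passwd database and compares that with the inherited $USER and $HOME instead of trusting them. The function names are hypothetical, and the wrong values in the demonstration at the end are constructed.

```shell
#!/bin/sh
# Added example: detect $USER/$HOME that disagree with the process's real identity.

# Name of the effective uid; falls back to the numeric uid if it has no passwd entry.
effective_user() {
    name=$(id -un 2>/dev/null) || name=$(id -u)
    printf '%s\n' "$name"
}

# Home directory recorded in the passwd database for a user (empty if unknown).
passwd_home() {
    if command -v getent >/dev/null 2>&1; then
        getent passwd "$1" | cut -d: -f6
    else
        awk -F: -v u="$1" '$1 == u { print $6 }' /etc/passwd
    fi
}

# Prints one line per mismatch; the return status is the number of mismatches.
check_identity_env() {
    real_user=$(effective_user)
    real_home=$(passwd_home "$real_user")
    mismatches=0
    if [ "${USER:-}" != "$real_user" ]; then
        echo "USER='${USER:-}' but the effective user is '$real_user'"
        mismatches=$((mismatches + 1))
    fi
    if [ -n "$real_home" ] && [ "${HOME:-}" != "$real_home" ]; then
        echo "HOME='${HOME:-}' but the passwd home is '$real_home'"
        mismatches=$((mismatches + 1))
    fi
    return "$mismatches"
}

# Re-derive both variables from the effective uid rather than from the caller.
fix_identity_env() {
    USER=$(effective_user)
    h=$(passwd_home "$USER")
    [ -n "$h" ] && HOME=$h
    export USER HOME
}

# Constructed demonstration: the values reported in the thread, set in a subshell.
( USER=root; HOME=/root; check_identity_env ) || true
```

Run as a non-root user, the last line reports both variables as mismatched; calling fix_identity_env at the top of a startup script makes later uses of $HOME independent of what the launcher exported.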