[Merge] lp:~stgraber/upstart/upstart-initgroups into lp:upstart
Stéphane Graber
stgraber at stgraber.org
Wed Nov 28 21:12:19 UTC 2012
Stéphane Graber has proposed merging lp:~stgraber/upstart/upstart-initgroups into lp:upstart.
Requested reviews:
Upstart Reviewers (upstart-reviewers)
For more details, see:
https://code.launchpad.net/~stgraber/upstart/upstart-initgroups/+merge/136794
Call initgroups() before spawning a job to ensure that the user's group list
is properly initialized.
This avoids the following issue:
=== Example of the security problem ===
root@upstart-test:~# cat /etc/init/test.conf
setuid nobody
setgid nogroup
task
script
cat /tmp/secret-file > /tmp/public-file
chmod 666 /tmp/public-file
id > /tmp/debug
end script
root@upstart-test:~# id nobody
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
root@upstart-test:~# echo secret > /tmp/secret-file
root@upstart-test:~# chmod 660 /tmp/secret-file
root@upstart-test:~# start test
test stop/waiting
root@upstart-test:~# cat /tmp/public-file
secret
root@upstart-test:~# ls -l /tmp/public-file
-rw-rw-rw- 1 nobody nogroup 7 Nov 28 20:59 /tmp/public-file
root@upstart-test:~# cat /tmp/debug
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup),0(root)
root@upstart-test:~#
=== Same commands but with the fixed version ===
root@upstart-test:~# cat /etc/init/test.conf
setuid nobody
setgid nogroup
task
script
cat /tmp/secret-file > /tmp/public-file
chmod 666 /tmp/public-file
id > /tmp/debug
end script
root@upstart-test:~# id nobody
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
root@upstart-test:~# echo secret > /tmp/secret-file
root@upstart-test:~# chmod 660 /tmp/secret-file
root@upstart-test:~# start test
start: Job failed to start
root@upstart-test:~#
The code was tested (as shown above) and the unit tests still all pass.
However, as the tests are meant to be run as non-root, it's not possible
to add new tests testing for initgroups() behaviour.
--
https://code.launchpad.net/~stgraber/upstart/upstart-initgroups/+merge/136794
Your team Upstart Reviewers is requested to review the proposed merge of lp:~stgraber/upstart/upstart-initgroups into lp:upstart.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: review-diff.txt
Type: text/x-diff
Size: 2638 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/upstart-devel/attachments/20121128/597cdf9a/attachment-0001.diff>
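
The privilege drop described in the message above, as an added example that is not Upstart's code or the proposed patch: initgroups() runs before setgid() and setuid(), and a check counts inherited supplementary groups the target user should not hold. The names count_leaked_groups, drop_privileges, audit_current_groups and MAX_GROUPS are hypothetical, and Linux with glibc is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: declares initgroups() and getgrouplist() */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 256      /* hypothetical buffer size for this example */

/* Count groups in have[] that are absent from allowed[]; each one is leaked. */
int count_leaked_groups(const gid_t *have, int n, const gid_t *allowed, int m)
{
    int leaked = 0;
    for (int i = 0; i < n; i++) {
        int found = 0;
        for (int j = 0; j < m; j++)
            if (have[i] == allowed[j]) { found = 1; break; }
        leaked += !found;
    }
    return leaked;
}

/* Drop from root: supplementary groups first, then gid, then uid.
 * Once setuid() has succeeded the earlier calls would no longer be permitted. */
int drop_privileges(const char *user, uid_t uid, gid_t gid)
{
    if (initgroups(user, gid) != 0) return -1;  /* replaces inherited groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return 0;
}

/* Compare this process's groups with what the group database grants to user.
 * Returns the number of leaked groups, or -1 on error. */
int audit_current_groups(const char *user, gid_t gid)
{
    gid_t have[MAX_GROUPS], allowed[MAX_GROUPS];
    int m = MAX_GROUPS, n = getgroups(MAX_GROUPS, have);
    if (n < 0 || getgrouplist(user, gid, allowed, &m) < 0) return -1;
    return count_leaked_groups(have, n, allowed, m);
}

int main(void)
{
    /* Constructed from the `id` output quoted in the message above. */
    gid_t inherited[] = { 65534, 0 }, expected[] = { 65534 };
    printf("leaked groups: %d\n", count_leaked_groups(inherited, 2, expected, 1));
    return 0;
}
```

Calling audit_current_groups() in the child after the drop and refusing to exec on a non-zero result gives a check that does not depend on how the drop was performed.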