[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [coldsync-hackers] Question
On Tue, 5 Dec 2000, Ryan VanderBijl wrote:
> Documents suggest that one should NOT run the sync as root.
Yes, this was mainly meant to discourage people who apparently
assume that since it uses the serial port, it has to be run as root. As a
security-conscious sysadmin, this bothers me.
The main security holes are:
- By default, this should be considered an untrusted program. For
all you know, there might be trojans and all sorts of mean, nasty,
father-stabbing things in it.
- Even if you trust me not to write malicious code, there might be
buffer overruns and other bugs. Even ordinary behavior could possibly be
exploited to gain root access.
- The biggest problem is that ColdSync runs conduits, which are
arbitrary programs. If ColdSync runs as root, then these conduits run as
root.
In the spirit of allowing people shoot themselves in the foot if
they really want to, it _is_ possible to run ColdSync as root (and this
behavior will most likely remain), but ColdSync 1.5.x assumes that if the
userid on the Palm is 0, then it hasn't been initialized, and therefore
should not be synced.
> I would like to know how I should run coldsync from a script which
> is (and has to be) run as root.
Something like the USB daemon, you mean? I would use
su someuser -c /usr/local/bin/coldsync <args>
where 'someuser' varies depending on what you're trying to do.
If this is your personal machine, you're the only one who's going
to be syncing with it, and you simply want to avoid having to run
'coldsync' by hand all the time, you can have it 'su' to yourself.
If you want to allow anyone to sync (e.g., to provide "generic"
syncing services to your users), then I would set up a special 'coldsync'
user.
If you've su-ed this way, but there are conduits that need to run
as root for some reason, you can make them setuid. Obviously, this should
be avoided if at all possible.
If for some reason you absolutely need to have coldsync run as
root, you should initialize your Palm with a non-zero userid: make sure
your "pda { }" block in .coldsyncrc has "username:" and "userid:" lines,
and run 'coldsync -mI' (version 1.5.x).
> Would the following root .coldsyncrc file work?
> pda {
> snum: "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff-Q";
> username: "Ryan VanderBijl";
> directory: /home/rvbijl39/.palm
> userid: 1000;
> default;
> }
The "snum:" line is bogus, and won't be recognized properly by the
.coldsyncrc parser (it doesn't recognize backslash as a special
character).
Right now, your best bet is to omit the "snum:" line altogether.
It's useless with Visors, since it doesn't allow ColdSync to distinguish
one Visor from another.
For pre-Palm III devices, ColdSync recognizes
snum: "";
to mean "this device does not report a serial number", but I don't
remember whether this applies to Visors or not. You can always try it and
see if that works.
--
Andrew Arensburger Actually, these _do_ represent the
arensb@ooblick.com opinions of ooblick.com!
Generic Tagline V 6.01
--
This message was sent through the coldsync-hackers mailing list. To remove
yourself from this mailing list, send a message to majordomo@thedotin.net
with the words "unsubscribe coldsync-hackers" in the message body. For more
information on Coldsync, send mail to coldsync-hackers-owner@thedotin.net.