Re: [coldsync-hackers] Re: Security considerations
>>>>> "Andrew" == Andrew Arensburger <arensb+CShackers@ooblick.com> writes:
[Sorry for the late reply. Busy week..]
Andrew> No offense. Please do think about the security
Andrew> applications. I'd rather fix problems before they're
Andrew> actively exploited.
Sounds like a good philosophy!
Andrew> I think that ColdSync is no more dangerous than
Andrew> procmail,
Well.. Not a very good example (Procmail is black magic), but I
understand what you mean :-)
Andrew> I see four potential threats: 1) While ColdSync is
Andrew> still running as root, what can it be tricked into doing?
Andrew> 2) Can the 'coldsync' binary be tricked into setuid()ing
Andrew> back to root? (I think this might be possible, given the
Andrew> semantics of setuid()).
Well.. I don't think so. At least not for POSIX setuid. This is what
my manual page says (Linux):
If the user is root or the program is setuid root, special
care must be taken. The setuid function checks the effective
uid of the caller and if it is the superuser, all
process related user ID's are set to uid. After this has
occurred, it is impossible for the program to regain root
privileges.
So as long as you use setuid() and not seteuid() that shouldn't happen.
>> Perhaps one could run the coldsync daemon as a special user
>> that's member of a special group, and then the individual
>> .palm-directories of coldsync-using users could be write
>> enabled for the special group. Or something like that. Of
>> course this adds complexity.
Andrew> Yup. Just set the Unix user in /usr/local/etc/palms to
Andrew> that user, and list an appropriate config file for each
Andrew> Palm.
Very good!
Andrew> You're thinking of a standalone daemon. For the
Andrew> longest time, I wanted to do this, but eventually decided
Andrew> that it was too similar to 'getty' to reinvent the wheel.
Yes, but let's say you are a Unix workstation user without root
privileges on your machine and want to use coldsync. Now, if your
stupid sysadmin forgot to disallow you access to the serial ports, you
can still run a standalone coldsync daemon as your user.
But you might be right.
Anyway, thanks for your answer to my thoughts about security. Actually
what you wrote was what I wanted to hear; someone is thinking about
the security.
If I get the time, I will check some coldsync code to see if I find
something suspicious. However, my time is limited.
Thanks for a great application!
Regards,
\EF
--
Erik Forsberg http://www.lysator.liu.se/~forsberg/
GPG/PGP Key: 1024D/0BAC89D9 <forsberg@lysator.liu.se>
Key Fingerprint: B308 87FC 566E 825A 5ABC 247C AC9B AB14 0BAC 89D9
--
This message was sent through the coldsync-hackers mailing list. To remove
yourself from this mailing list, send a message to majordomo@thedotin.net
with the words "unsubscribe coldsync-hackers" in the message body. For more
information on Coldsync, send mail to coldsync-hackers-owner@thedotin.net.
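The setuid()-versus-seteuid() point made in the message above, shown as a small added C example (this is not ColdSync code and not from anyone in the thread): `drop_privileges()` is a hypothetical helper that drops to a target uid/gid in the order the man page excerpt implies, and `root_is_unreachable()` is the check a daemon can run afterwards to confirm that neither `setuid(0)` nor `seteuid(0)` can bring root back. The target uid 65534 is assumed to be "nobody"; when run without root the demo drops to its own uid so the logic still executes.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently drop to the given uid/gid (hypothetical helper, not ColdSync's).
 * Order matters: supplementary groups and the gid must be changed while we
 * still hold root, because after setuid() to a non-root uid the process can
 * no longer change them. Returns 0 on success, -1 (errno set) on failure.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Only root may call setgroups(); clear inherited supplementary groups. */
        if (setgroups(0, NULL) == -1)
            return -1;
    }
    if (setgid(gid) == -1)
        return -1;
    /* setuid(), not seteuid(): as root this sets real, effective AND saved uid,
     * which is exactly what the quoted man page says makes the drop permanent. */
    if (setuid(uid) == -1)
        return -1;
    return 0;
}

/*
 * Check that root cannot be regained. Returns 1 if both setuid(0) and
 * seteuid(0) fail (the drop was permanent), 0 otherwise. A 0 after a
 * drop means the saved uid was still 0, the seteuid()-style mistake.
 */
int root_is_unreachable(void)
{
    if (geteuid() == 0)
        return 0;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return 0;   /* we just got root back: the drop was not permanent */
    return 1;
}

int main(void)
{
    /* Constructed target: 65534 ("nobody" on most systems) when run as root,
     * otherwise our own uid so the demo still runs unprivileged. */
    uid_t target_uid = geteuid() == 0 ? (uid_t)65534 : getuid();
    gid_t target_gid = geteuid() == 0 ? (gid_t)65534 : getgid();

    if (drop_privileges(target_uid, target_gid) == -1) {
        perror("drop_privileges");
        return 1;
    }
    printf("now uid=%u euid=%u; root reachable again: %s\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           root_is_unreachable() ? "no" : "YES (bug)");
    return 0;
}
```

Compile with `cc -o dropdemo dropdemo.c` and run it once as root and once as a normal user; in both cases the final line should report that root is not reachable again. Replacing `setuid(uid)` with `seteuid(uid)` in `drop_privileges()` and running as root is the failure mode the thread warns about: the saved uid stays 0 and `root_is_unreachable()` returns 0.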