Debian bug report logs - #1696, boring messages


Message sent to debian-devel@pixar.com:


Subject: Bug#1696: inetd manpage infelicity could cause alarm
Reply-To: Ian Jackson <ian@chiark.chu.cam.ac.uk>, debian-bugs@pixar.com
Resent-From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Resent-To: debian-devel@pixar.com
Resent-Date: Tue, 17 Oct 1995 19:48:02 GMT
Resent-Message-ID: <debian-bugs-handler.1696.B10171943510@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: netbase
X-Debian-PR-Keywords: 
Message-Id: <m0t5HtX-0002axC@chiark.chu.cam.ac.uk>
Date: Tue, 17 Oct 95 20:41 BST
From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
To: Debian bugs submission address <debian-bugs@pixar.com>

Package: netbase
Version: 1.16-1

The inetd(8) manpage says:
     The user entry should contain the user name of the user as whom the
     server should run.  This allows for servers to be given less permission
     than root. An optional group name can be specified by appending a dot to
     the user name followed by the group name. This allows for servers to run
     with a different (primary) group id than specified in the password file.
     If a group is specified and user is not root, the supplementary groups
     associated with that user will still be set.

I'm not sure whether that should be `If no group is specified ...',
but that behaviour would be a security hole if it were the case.
People who write a userid in the inetd.conf rightly expect inetd to
set the gid and supplementary groups as well.  Luckily inetd does
actually do this.  I tried
 1557           stream  tcp     nowait  nobody  /usr/sbin/tcpd /usr/bin/id
and got
 -chiark:~> telnet localhost 1557
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
 Connection closed by foreign host.
 -chiark:~>

So, I think this is a documentation bug only.

I haven't done any experiments with specifying a group in the
inetd.conf.

Ian.


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Subject: Bug#1696: Acknowledgement (was: inetd manpage infelicity could cause alarm)
In-Reply-To: <m0t5HtX-0002axC@chiark.chu.cam.ac.uk>
References: <m0t5HtX-0002axC@chiark.chu.cam.ac.uk>

Thank you for the problem report you have sent regarding Debian GNU/Linux.
This is an automatically generated reply, to let you know your message has
been received.  It is being forwarded to the developers' mailing list for
their attention; they will reply in due course.

If you wish to submit further information on your problem, please send
it to debian-bugs@pixar.com, but please ensure that the Subject
line of your message starts with "Bug#1696" or "Re: Bug#1696" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent to debian-devel@pixar.com:


Subject: Bug#1696: inetd manpage infelicity could cause alarm
Reply-To: Ian Jackson <ian@chiark.chu.cam.ac.uk>, debian-bugs@pixar.com
Resent-From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Resent-To: debian-devel@pixar.com
Resent-Date: Wed, 18 Oct 1995 01:03:02 GMT
Resent-Message-ID: <debian-bugs-handler.1696.B10180054000@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: netbase
X-Debian-PR-Keywords: 
Message-Id: <m0t5Mk7-0002YHC@chiark.chu.cam.ac.uk>
Date: Wed, 18 Oct 95 01:52 BST
From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
To: debian-bugs@pixar.com
In-Reply-To: <9510172245.AA26840@server.et-inf.fho-emden.de>
References: <m0t5HtX-0002axC@chiark.chu.cam.ac.uk>
	<9510172245.AA26840@server.et-inf.fho-emden.de>

Peter Tobias writes ("Re: Bug#1696: inetd manpage infelicity could cause alarm"):
> Ian Jackson wrote:
> > The inetd(8) manpage says:
> >      The user entry should contain the user name of the user as whom the
> >      server should run.  This allows for servers to be given less permission
> >      than root. An optional group name can be specified by appending a dot to
> >      the user name followed by the group name. This allows for servers to run
> >      with a different (primary) group id than specified in the password file.
> >      If a group is specified and user is not root, the supplementary groups
> >      associated with that user will still be set.
>
> > I'm not sure whether that should be `If no group is specified ...',
> > but that behaviour would be a security hole if it were the case.
> > People who write a userid in the inetd.conf rightly expect inetd to
> > set the gid and supplementary groups as well.  Luckily inetd does
> > actually do this. [...]
>
> I think the manual page is correct:
> [ transcript omitted ]

Ah, yes, I see - I missed the word `still'.  Under the circumstances
this behaviour seems like a mistake, even though it is documented.

> As you can see the group of the (non root) user "tobias" is set to "nogroup"
> and the supplementary groups of the user "tobias" are still there.

Quite.

Ian.
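
An added example, not part of the original thread or of netbase: a small Python audit that lists inetd.conf entries using the `user.group` form for a non-root user who, per the manpage sentence discussed above, would keep supplementary groups beyond the named group. The sample inetd.conf lines and the group database are constructed, and membership is read from group(5)-format text only.

```python
# Added example; SAMPLE_CONF and SAMPLE_GROUP are constructed, not from the thread.
SAMPLE_CONF = """\
# service socktype proto wait   user[.group]   server          args
1557      stream   tcp   nowait nobody         /usr/sbin/tcpd  /usr/bin/id
1558      stream   tcp   nowait tobias.nogroup /usr/sbin/tcpd  /usr/bin/id
1559      stream   tcp   nowait root.staff     /usr/sbin/tcpd  /usr/bin/id
"""
SAMPLE_GROUP = """\
nogroup:x:65534:
staff:x:50:tobias
floppy:x:25:tobias,ian
"""


def supplementary_groups(user, group_text):
    """Names of groups that list `user` as a member in group(5)-format text."""
    names = []
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and user in fields[3].split(","):
            names.append(fields[0])
    return names


def audit(conf_text, group_text):
    """Return (service, user, group, extra_groups) for each risky entry."""
    findings = []
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue
        # Assumption: the first dot separates user from group.
        user, dot, group = fields[4].partition(".")
        if not dot or user == "root":
            continue  # the quoted manpage sentence covers non-root users only
        extra = [g for g in supplementary_groups(user, group_text) if g != group]
        if extra:
            findings.append((fields[0], user, group, extra))
    return findings


if __name__ == "__main__":
    for service, user, group, extra in audit(SAMPLE_CONF, SAMPLE_GROUP):
        print(f"{service}: {user}.{group} also keeps groups {', '.join(extra)}")
```

Entries it reports are the ones where an administrator who wrote a group override may wrongly assume the server runs with that group alone.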


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Subject: Bug#1696: Info received (was Bug#1696: inetd manpage infelicity could cause alarm)
In-Reply-To: <m0t5Mk7-0002YHC@chiark.chu.cam.ac.uk>
References: <m0t5Mk7-0002YHC@chiark.chu.cam.ac.uk>

Thank you for the additional information you have supplied regarding
this problem report.  It has been forwarded to the developers to
accompany the original report.

If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1696" or "Re: Bug#1696" so that
we can identify it as relating to the same problem.

Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.

Ian Jackson
(maintainer, debian-bugs)


Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: tobias@et-inf.fho-emden.de
In-Reply-To: <9510201610.AA05795@server.et-inf.fho-emden.de>
References: <9510201610.AA05795@server.et-inf.fho-emden.de> <m0t5HtX-0002axC@chiark.chu.cam.ac.uk>
Subject: Bug#1696: marked as done (was: inetd manpage infelicity could cause alarm)

Your message dated Fri, 20 Oct 1995 17:10:05 +0100 (MET)
with message-id <9510201610.AA05795@server.et-inf.fho-emden.de>
and subject line Bug#1696: inetd manpage infelicity could cause alarm
has caused the attached bug report to be marked as done.

It is now your responsibility to ensure that the bug report is dealt
with.

(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Ian Jackson
(maintainer, debian-bugs)



Message sent:


From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Subject: Bug#1696 acknowledged by developer (was: inetd manpage infelicity could cause alarm)
References: <9510201610.AA05795@server.et-inf.fho-emden.de> <m0t5HtX-0002axC@chiark.chu.cam.ac.uk>
In-Reply-To: <m0t5HtX-0002axC@chiark.chu.cam.ac.uk>

This is an automatic notification regarding your bug report.

Responsibility for it has been taken by one of the developers, namely
"Peter Tobias" <tobias@server.et-inf.fho-emden.de> (reply to tobias@et-inf.fho-emden.de).

You should be hearing from them with a substantive response shortly, if
you have not already done so.  If not, please contact them directly,
or email debian-bugs@pixar.com or myself.

Ian Jackson
(maintainer, debian-bugs)


Ian Jackson / iwj10@thor.cam.ac.uk, with the debian-bugs tracking mechanism
This page last modified 07:43:01 GMT Wed 01 Nov