On Thu, Jun 14, 2007 at 08:40:16AM -0500, Tom spot Callaway wrote:
> On Thu, 2007-06-14 at 10:19 +0200, Axel Thimm wrote:
> > On Wed, Jun 13, 2007 at 11:45:27PM -0500, Tom spot Callaway wrote:
> > > I'm not quite sure I'm ready to bring this to the FPC for a vote, but
> > > I've been working on a modified version of Ville's draft:
> > >
> > > http://fedoraproject.org/wiki/TomCallaway/UsersAndGroupsDraft
> > >
> > > While this is more complicated, I think it more adequately covers the
> > > corner cases of adding users and groups. Thoughts?
> >
> > It is far too complicated, Ville's version did the job already quite
> > well. You're also introducing non-standard tools again. :/
>
> Not really. The tools I introduced are helper scripts.
>
> Ville's draft only created the user/group if it didn't exist, and if
> not, didn't, but left the files owned as that user/group. That security
> issue concerns me.
Looking at it again, I think it doesn't improve if you elevate the
ownership to root. Imagine the package in question being ftp, http,
mldonkey or whatever daemon has been made non-root so a remote
attacker cannot elevate his privileges. By making these root the
daemons have too much privileges.

So please no silent failure and "recovery"; if there is a broken
user/group, better bail out of the transaction. It really will be a rare
corner case unless we get a daemon called Jacob or Emily (current top
baby names in the US ;=)
-- 
Axel.Thimm at ATrpms.net
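The "bail out rather than recover" behaviour argued for above, as an added example in shell. This is not code from the thread, from Ville's draft or from Spot's draft; the helper name ensure_sysaccount, the nologin shell path and the %pre usage line are assumptions. The helper creates the system group and user only if they are missing and returns non-zero when a tool fails, so the scriptlet can stop the install instead of falling back to root-owned files.

```sh
#!/bin/sh
# Added example (not from the thread or either draft): a %pre-style helper
# that creates a system group/user only when absent and, if creation fails,
# returns non-zero so the scriptlet can stop the install instead of
# silently "recovering" by chowning the package's files to root.
# The name ensure_sysaccount and the %pre usage shown below are assumptions.

ensure_sysaccount() {
    name="$1"   # account and group name, e.g. the daemon's name
    home="$2"   # home directory recorded in passwd (not created here)

    # Group: reuse an existing one, otherwise create a system group.
    if ! getent group "$name" >/dev/null 2>&1; then
        groupadd -r "$name" || {
            echo "ensure_sysaccount: cannot create group '$name'" >&2
            return 1
        }
    fi

    # User: reuse an existing one, otherwise create a system account with
    # no login shell, whose primary group is the one handled above.
    if ! getent passwd "$name" >/dev/null 2>&1; then
        useradd -r -g "$name" -d "$home" -s /sbin/nologin \
                -c "$name service account" "$name" || {
            echo "ensure_sysaccount: cannot create user '$name'" >&2
            return 1
        }
    fi
    return 0
}

# In the spec file the scriptlet would read (assumed macro names):
#   %pre
#   ensure_sysaccount %{name} %{_localstatedir}/lib/%{name} || exit 1
# A non-zero exit from %pre makes rpm refuse to install the package,
# which is the "bail out" behaviour; an unconditional "exit 0" at the end
# of %pre would be the silent path the reply objects to.
```

Because the helper never touches file ownership, a package whose account could not be created fails visibly at %pre time and leaves nothing on disk owned by root that the daemon was meant to own.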