On Fri, 11 Mar 2005, Bill Allombert wrote:
> On Fri, Mar 11, 2005 at 01:39:28PM +0100, Santiago Vila wrote:
> > In this report, the submitter complains about /usr/local/bin being in
> > the PATH by default at the same time directories under /usr/local are
> > root:staff and world-writable. His complaint is based on the existence
> > of become-any-group-but-root bugs.
>
> Is there evidence of such bugs? There are no binaries sgid staff in
> Debian to start with.
You don't need sgid staff binaries. Quoting the submitter:
Become-any-user-but-root and become-any-group-but-root bugs are quite
common. When a group of machines share user home directories via NFS
exported from somewhere with default root-squash, getting root on one
machine gives precisely that on all others of the group. There have been
"genuine" such bugs also e.g. in sendmail [6].
The issue here is that "group staff" is equivalent to "user root", and
that we had better eliminate such equivalence from the default system.
> However, I disagree with the attitude of reassigning the bug to
> debian-policy. If submitters want to make a policy proposal,
> they can propose it themselves.
Well, you have to be an official developer for that, so that's not
always possible.
In this case, you may consider this as a proposal made by me if you like.
This is not a bug in base-files because policy explicitly *mandates*
the root:staff thing, but as I see fewer and fewer people who find
the root:staff thing useful and more and more people who consider it
a potentially dangerous thing, I think that we had better drop the
staff thing from policy entirely, hence my reassign.
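As an added example (not part of this thread or of any Debian package), a small POSIX sh audit that reports PATH entries writable by group or others, which is exactly the condition discussed above: /usr/local/bin in the default PATH while /usr/local/* is root:staff and group-writable. It goes slightly beyond the thread by also flagging relative or empty PATH entries, and it assumes GNU stat with a BSD/macOS stat fallback.

```shell
#!/bin/sh
# Added example, not from the original mail: audit a PATH-style list for
# directories that someone other than the owner can write to. A writable
# directory early in root's PATH lets its writers plant binaries root runs.

# Print "mode owner group" for a path: GNU stat first, BSD/macOS stat as fallback.
dir_meta() {
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%OLp %Su %Sg' "$1" 2>/dev/null
}

# True (exit 0) when an octal mode such as 2775 or 755 sets the group or
# other write bit. The leading 0 forces octal interpretation inside $(( )).
mode_grants_nonowner_write() {
    [ $(( 0$1 & 022 )) -ne 0 ]
}

# Audit every entry of a colon-separated list; print one line per finding.
# Exit status 1 when at least one risky entry was found, 0 when clean.
audit_path() {
    found=0
    old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs
    for d in "$@"; do
        case $d in
            /*) ;;  # absolute entry, inspected below
            *)  echo "RISK: relative or empty entry '$d' resolves to the cwd"
                found=$((found + 1)); continue ;;
        esac
        [ -d "$d" ] || continue        # a missing directory cannot be abused
        meta=$(dir_meta "$d") || meta=
        [ -n "$meta" ] || { echo "SKIP: cannot stat $d"; continue; }
        set -- $meta
        mode=$1; owner=$2; group=$3
        if mode_grants_nonowner_write "$mode"; then
            echo "RISK: $d is $owner:$group mode $mode (writable by group/other)"
            found=$((found + 1))
        elif [ "$owner" != root ]; then
            echo "NOTE: $d is owned by $owner, not root"
        fi
    done
    [ "$found" -eq 0 ]
}

# Run against the caller's PATH, or a list given as the first argument.
audit_path "${1:-$PATH}" || echo "at least one risky PATH entry found"
```

On a default Debian install of that era this reports /usr/local/bin as root:staff mode 2775, which is the equivalence the thread objects to.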