Secure executable permissions #65
Merged
+19
−24
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In configure.ac we were adding two flags to INSTALL_OPTS that change the owner:group of all installed files to ndo2db_user:ndo2db_group. This is often a security vulnerability, since executables (we have a few) are typically installed into everyone's PATH. If root ever executes them, the ndo2db_user can take advantage of the situation to run malicious code as root. Fortunately the change in ownership is not really needed. We simply drop the INSTALL_OPTS, which are used for nothing else, allowing our files to be installed as the user who is doing the installing. When installing to one of the system PATHs, that will almost always be root.
Three executables -- file2sock, log2ndo, and sockdebug -- are currently being installed group-writable but not world-executable. This is in contrast with the other two executables, ndo2db and ndomod.o, that are installed mode 0755. Having recently removed the INSTALL_OPTS that were altering the owner:group of these files, there is no longer any security risk to mode 0774. However, 0755 is more consistent with both the rest of our executables, and with the typical permissions on /usr/bin that arise from the (extremely common) umask of 0022. We change these three to 0755 for a little bit of extra peace of mind. changes. Lines starting # with '#' will be ignored, and an empty message aborts the commit. # # Date: Sat Mar 2 19:52:47 2024 -0500 # src/Makefile.in #
|
Thanks for the patch! This looks good to me. |
|
Thanks! I thought I had fixed this in nagios-core, too, but now that I look back the issue sort of stalled: NagiosEnterprises/nagioscore#424 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Installing executables as
nagios:nagios(the default) is a security issue on a typical system where those executables will wind up in everyone'sPATH. In these two commits I simply delete the special handling, letting all executables be installed mode 755 with the owner unchanged. (This would result inroot:rootownership for a "normal"/usr/bininstall.)