Icinga / icinga-core

Icinga 1.x, the old core (EOL 31.12.2018)
GNU General Public License v2.0

installation clobbers ownership of /var (localstatedir) #1605

Closed orlitzky closed 6 years ago

orlitzky commented 6 years ago

A typical ./configure && make && make install process results in something like the following being run, where /var is the default localstatedir:

/usr/bin/install -c -m 775 -o icinga -g icinga -d /var
/usr/bin/install -c -m 775 -o icinga -g icinga -d /var/archives
/usr/bin/install -c -m 775 -o icinga -g icinga -d /var/spool/checkresults

The checkresults line is probably safe, the archives line maybe less so; but the /var line definitely not. This command:

/usr/bin/install -c -m 775 -o icinga -g icinga -d /var

Will change the permissions of /var on the user's live filesystem:

$ ls /
total 108K
drwxr-xr-x   2 root   root   4.0K 2017-12-13 13:59 bin
drwxr-xr-x   3 root   root   4.0K 2016-09-30 14:43 boot
drwxr-xr-x  13 root   root   2.7K 2017-12-19 12:47 dev
drwxr-xr-x  79 root   root   4.0K 2017-12-19 13:09 etc
drwxr-xr-x   5 root   root   4.0K 2017-11-28 14:58 home
lrwxrwxrwx   1 root   root      5 2017-12-13 12:56 lib -> lib64
drwxr-xr-x  11 root   root    12K 2017-12-13 13:59 lib64
drwx------   2 root   root    16K 2011-01-07 12:40 lost+found
drwxr-xr-x  12 root   root   4.0K 2011-08-14 09:55 mnt
drwxr-xr-x   4 root   root   4.0K 2017-09-13 14:43 opt
dr-xr-xr-x 140 root   wheel     0 2017-12-05 11:52 proc
drwx------  14 root   root   4.0K 2017-11-27 15:15 root
drwxr-xr-x  15 root   root    460 2017-12-05 12:01 run
drwxr-xr-x   2 root   root   4.0K 2017-12-13 13:59 sbin
dr-xr-xr-x  11 root   root      0 2017-12-05 11:52 sys
drwxrwxrwt  10 root   root    36K 2017-12-19 13:17 tmp
drwxr-xr-x  11 root   root   4.0K 2017-12-04 21:56 usr
drwxrwxr-x  13 icinga icinga 4.0K 2017-09-20 13:27 var

The next time root does anything important under /var, the icinga user can trick him to gain root.

orlitzky commented 6 years ago

Oh, and for the fix: if you don't need to write directly to $localstatedir, but only to those two subdirectories, then just skip the owner/group args on $localstatedir.

dnsmichi commented 6 years ago

This only happens if the user modifies prefix dir. In that specific case you'd really need to fix permissions either way. That's nothing really critical imho and I won't fix it either. Thanks for the thoughts though.
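
A check for the condition reported above, as an added example that is not part of the thread or of Icinga's code: it walks from a service's data directory up to a chosen top directory and reports every directory on the way that is owned by an untrusted uid or is writable by group or others. The names `TRUSTED_UIDS`, `check_dir` and `audit_chain` are hypothetical, and both paths are assumed to be absolute.

```shell
#!/bin/sh
# Added example, not Icinga code. TRUSTED_UIDS is an assumption of this sketch:
# the numeric uids allowed to own directories above a service's data directory.
TRUSTED_UIDS="${TRUSTED_UIDS:-0}"

# check_dir DIR: print one finding per problem; return 1 if anything was found.
check_dir() {
    d=$1 bad=0
    info=$(ls -ldn -- "$d") || return 2
    mode=${info%% *}                                  # e.g. drwxrwxr-x
    uid=$(printf '%s\n' "$info" | awk '{print $3}')   # numeric owner
    case " $TRUSTED_UIDS " in
        *" $uid "*) ;;
        *) echo "$d: owned by untrusted uid $uid"; bad=1 ;;
    esac
    # Mode string positions: 6 = group write, 9 = other write, 10 = sticky.
    if [ "$(printf '%s' "$mode" | cut -c6)" = w ]; then
        echo "$d: group-writable"; bad=1
    fi
    if [ "$(printf '%s' "$mode" | cut -c9)" = w ]; then
        case $(printf '%s' "$mode" | cut -c10) in
            t|T) ;;                                   # sticky, as on /tmp
            *) echo "$d: world-writable without sticky bit"; bad=1 ;;
        esac
    fi
    return "$bad"
}

# audit_chain TOP LEAF: check TOP and every directory between TOP and LEAF.
# LEAF itself is skipped: the service may legitimately own its own data dir.
# Both arguments are absolute paths.
audit_chain() {
    top=${1%/}; [ -n "$top" ] || top=/
    cur=$(dirname "$2") rc=0
    while :; do
        check_dir "$cur" || rc=1
        if [ "$cur" = "$top" ] || [ "$cur" = / ] || [ "$cur" = . ]; then break; fi
        cur=$(dirname "$cur")
    done
    return "$rc"
}

# Usage: sh audit.sh / /var/spool/checkresults
if [ "$#" -eq 2 ]; then audit_chain "$1" "$2" || exit 1; fi
```

Run against the listing in the report, `audit_chain / /var/spool/checkresults` would flag `/var` twice (untrusted owner and group-writable) while leaving the `checkresults` directory itself out of scope.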