2 captures
06 Sep 2015 - 20 Jan 2024
Aug SEP Oct
06
2014 2015 2016
success
fail

About this capture

COLLECTED BY

Organization: Internet Archive

The Internet Archive discovers and captures web pages through many different web crawls. At any given time several distinct crawls are running, some for months, and some every day or longer. View the web archive through the Wayback Machine.

Collection: Wide Crawl Number 13

Web Wide Crawl Number 13
TIMESTAMPS

The Wayback Machine - http://web.archive.org/web/20150906232130/http://lwn.net/Articles/552342/
  
LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for September 3, 2015

Debsources as a platform

LWN.net Weekly Edition for August 27, 2015

Reviving the Hershey fonts

Glibc wrappers for (nearly all) Linux system calls

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pondering the X client vulnerabilities

Pondering the X client vulnerabilities

Posted May 30, 2013 22:27 UTC (Thu) by nix (subscriber, #2304)
In reply to: Pondering the X client vulnerabilities by Cyberax
Parent article: Pondering the X client vulnerabilities

BIND is a classic example of something which needs just that privilege (though it switches user after startup) and also happens to be threaded.

(Log in to post comments)

Pondering the X client vulnerabilities

Posted May 30, 2013 23:12 UTC (Thu) by anselm (subscriber, #2796) [Link]

Since when is BIND a SUID-root X11 client?

Pondering the X client vulnerabilities

Posted Jun 3, 2013 13:54 UTC (Mon) by nix (subscriber, #2304) [Link]

It's not, but the thread had drifted to saying that nobody needs to use the threading primitives and the like that Qt provides while running as root. This is tantamount to saying that nobody would want to write threaded code that runs as root, which is ridiculous. (syslog-ng and systemd both use Glib for much the same reason, and Glib provides rather worse facilities in this area than does Qt, IMNSHO.)

Qt is not just about GUI stuff, and hasn't been for as long as KDE has been using it, pretty much. (It only got properly separated out in Qt 4, though.)

Pondering the X client vulnerabilities

Posted Jun 3, 2013 14:21 UTC (Mon) by anselm (subscriber, #2796) [Link]

Nobody needs to use Qt's threading and networking primitives when running SUID root, which is a completely different ballgame than running as root as a daemon.

There's probably nothing wrong with using the non-GUI parts of Qt to implement a threaded networking daemon, if one doesn't mind the Qt haters' jumping all over one. But such a daemon would not run SUID root; it would be started as root initially (from something like SysV init or systemd) and then drop its root privileges ASAP.

It was actually Cyberax who claimed that »It's actually EXTREMELY common to have networked programs to be SUIDed«. This is apparently so common that so far he hasn't managed to come up with one single example.

Pondering the X client vulnerabilities

Posted Jun 5, 2013 20:09 UTC (Wed) by nix (subscriber, #2304) [Link]

Agreed. Really nothing at all should use the suid/sgid bits to gain privilege. They should use something like d-bus services (or, in an ideal world, userv, but nobody but me and Ian Jackson seems to have heard of that) to request that a process that is already root create a new instance of the appropriate thing on its behalf. Without a parent/child relationship you're free of the unexpected inherited state problems that cause so much trouble for SUID binaries, with the slight additional problem that you have to reflect stdout/stderr for the new process. But a library should be able to handle that (something else which, IIRC, userv does but D-Bus does not...)

Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds