pentestmonkey/unix-privesc-check

Improve logic of privileged_writable

GoogleCodeExporter opened this issue · 1 comment

I believe there are a couple of deficiencies in the current implementation of 
the privileged_writable check:

1. I think files writable by a low privileged owner should always be a warning, 
not just if YOU are the current owner. If I'm running the tool as the root user 
for auditing purposes then I want to know if a standard user owns a script 
they're permitted to run as root via sudo.

2. Furthermore, if a low privileged user owns a privileged file then it should 
be reported no matter what the current permissions are. This is because the 
owner can just set it to writable if necessary.

3. Similarly to (1), if an untrusted group can write to a privileged file then 
it should be a warning even if the current user isn't a member of the group.

The attached patch will make these changes. In its current form it only trusts 
the user with ID zero and the main group of the user with ID zero. Hopefully 
this can be improved with configurable trusts in future, see #20.

I also modified some user and group utilities to support the changes:

* Implemented the group_is_root() function by checking against `id -g -n 0`
* Switched user_is_root() and user_is_user_root() to match other 
user_is_user_*() functions which check the current user rather than a supplied 
user.
* Implemented user_is_root()

Original issue reported on code.google.com by JJC...@googlemail.com on 25 Feb 2015 at 1:30

Apparently numeric arguments to id were only introduced in September 2013, so a 
number of common distros don't support this convention yet.

New patch works around this, but it is a bit more hacky for the group test.

Original comment by JJC...@googlemail.com on 1 Mar 2015 at 10:19
