ports/112754: VERY SERIOUS security bug in sysutils/eject
Ighighi Ighighi
ighighi at gmail.com
Thu Jul 19 00:20:07 UTC 2007
The following reply was made to PR ports/112754; it has been noted by GNATS.
From: "Ighighi Ighighi" <ighighi at gmail.com>
To: "Cristian KLEIN" <cristi at net.utcluj.ro>
Cc: bug-followup at freebsd.org
Subject: Re: ports/112754: VERY SERIOUS security bug in sysutils/eject
Date: Wed, 18 Jul 2007 20:01:30 -0400
The setuid bit isn't necessary...
It's documented in the handbook how to setup /etc/devfs.conf.
Most people use the "operator" group for this but you may as well create "media"
$ grep acd0 /etc/devfs.conf
link acd0 cdrom
own acd0 root:media
perm acd0 0660
So, if "cdcontrol -f /dev/acd0 eject" works, there's no need at all
for setuid eject(8).
IMO, it's bad practice to abuse such bits when permissions suffice.
On 7/18/07, Cristian KLEIN <cristi at net.utcluj.ro> wrote:
> Besides the change suggested by the reporter, I would also recommend the
> following pkg-message:
>
> NOTE: This port is no longer installed with SETUID, because it allows
> non-privileged users to unmount a filesystem. To enable your users to
> eject the CD-ROM, install security/sudo and enter the following line in
> /usr/local/etc/sudoers:
>
> %users ALL=/usr/local/sbin/eject /dev/acd0
>
>
More information about the freebsd-ports-bugs
mailing list