Date:      Fri, 25 Jan 2013 14:48:19 +0100
From:      "Ralf Mardorf" <ralf.mardorf@rocketmail.com>
To:        "FreeBSD quest" <freebsd-questions@freebsd.org>
Subject:   Re: Sharing a mail folder between Linux and FreeBSD
Message-ID:  <op.wrgzatq7uwjkcr@freebsd>
In-Reply-To: <20130125133346.f1484ed8.freebsd@edvax.de>
References:  <op.wrguj103uwjkcr@freebsd> <20130125133346.f1484ed8.freebsd@edvax.de>

Thank you all :)

Everything is OK now. I'm not marking the thread as solved yet, since I still
haven't set up Evolution.

On Fri, 25 Jan 2013 13:33:46 +0100, Polytropon <freebsd@edvax.de> wrote:
>> $ ls -l `which su`
>> -r-sr-xr-x  1 rocketmouse  wheel  16880 Dec 23 18:38 /usr/bin/su
>
> Erm... that looks horribly wrong.
>
> The permissions indicate that setuid is set, but the file
> owner is wrong. For comparison:
>
> -r-sr-xr-x  1 root  wheel  14604 2011-08-21 20:24:28 /usr/bin/su*
>
> This program has to belong to root. It seems that your
> attempt to reflect UID changes in the file permissions
> exceeded the scope of this task: Programs of the OS
> seem to be affected, which is definitely not good.

IMO setuid alone is already a security risk.

>> $ ls -l /home/ | grep rocketmouse
>> drwxr-xr-x  28 rocketmouse  rocketmouse     1536 Jan 25 12:17  
>> rocketmouse
>
> You can use ls -ld to omit the grep step. :-)

$ ls -ld /home/rocketmouse
drwxr-xr-x  28 rocketmouse  rocketmouse  1536 Jan 25 13:19
/home/rocketmouse

:)

I was sure that using grep was stupid and I should have done a 'man ls',
since 'help' wasn't helpful. This, and 'cat | grep' instead of plain grep,
are common mistakes among many Linux users. Thank you for the hint.

> I think you can now spot a possible mistake for the file owner
> change I mentioned above: Only files inside /home should have
> been in the initial scope, but somehow -uid 1001 has been
> evaluated true for /usr/bin/su, even though I cannot imagine
> what should have caused this.

In this case /home and /mnt/*, but I understand what you mean.

> Do you have other files in /usr or even /usr/local that do
> belong to rocketmouse (uid == 1000 or 1001) now? That should
> not have happened...

/usr/bin                            is ok
/usr/include                        is ok
/usr/include/*                      seem to be ok, I just checked some folders
/usr/lib and /usr/lib/*             are ok
/usr/libdata and /usr/libdata/*     are ok
/usr/libexec and /usr/libexec/*/*   are ok
/usr/ports                          is ok
/usr/ports/*                        seem to be ok, I just checked some folders
/usr/sbin                           is ok
/usr/share                          is ok
/usr/share/*                        seem to be ok, I just checked some folders
/usr/src                            is ok
/usr/src/*/*                        seem to be ok, I just checked some folders

/usr/local                          is ok
/usr/local/bin and /usr/local/bin/* are ok
/usr/local/bootstrap* and [...]/*   are ok
/usr/local/etc                      is ok
/usr/local/etc/*                    seem to be ok, at least PolicyKit and
                                    ConsoleKit are
/usr/local/include                  is ok
[snip]

All /usr/local/* are ok and all /usr/local/*/* seem to be ok.
Other directories in /usr and /usr/local are empty.
OT: /usr/lib32 and /usr/lib32/* are among the empty folders in /usr. So
FreeBSD is multi-arch capable?
(Since there's /usr/ports/astro/google-earth for amd64, I suspect it is.)

> Some programs check by whom they are called or who they
> belong to; if that's != root when it is _supposed_ to
> be root, that can cause problems, especially when it's
> not a simple x (execute), but s (setuid) program like
> an X display manager.

So I guess I only need to correct the owner for /usr/bin/su.

$ ls -l /usr/bin/su
-r-sr-xr-x  1 root  wheel  16880 Dec 23 18:38 /usr/bin/su

I wonder whether setting setuid is needed while the kit family is installed.
For sure it's possible to add a rule to some kit config.

Restart

PPPoE was enabled automagically :).

$ su
Password:
You have mail.
root@freebsd:/usr/home/rocketmouse # :)

Ctrl + Alt + F* will switch to ttyv* and su does work too. :)

So the switch to uid 1000 seems to be complete now, without any gaps.

On Fri, 25 Jan 2013 13:57:13 +0100, Erich Dollansky
<erichsfreebsdlist@alogt.com> wrote:
> Do not worry. This is the main advantage of FreeBSD over many other
> operating systems. The chances are very, very high that you will find
> help when needed.

For Linux it depends on the mailing list. It depends not only on the
traffic and kind of list, but also on the kind of people who are
subscribed.

Regards,
Ralf
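
The check Polytropon asks for above ("do you have other files in /usr or
/usr/local that belong to rocketmouse?"), which the reply does by hand
directory by directory, as an added example that is not code from the
thread: a POSIX sh script that reads a "mode uid path" listing and reports
(1) set-uid/set-gid files that are no longer owned by root and (2) files
owned by a given uid that lie outside the directories the chown was meant
to touch. The uid 1001, the /home and /mnt scope, the listing format and
the sample listing are all assumptions constructed for the example; the
stat formats are the FreeBSD and GNU coreutils ones.

```sh
#!/bin/sh
# Added example, not code from the thread.  Audits a file listing for the
# two symptoms discussed in the mail:
#   1. set-uid / set-gid programs no longer owned by root (uid 0)
#   2. files owned by the migrated uid that lie outside the directories
#      the chown was meant to touch (/home and /mnt in the mail)
# Listing format, one file per line: "<symbolic mode> <owner uid> <path>".

# gather_listing ROOT: produce that listing for a real directory tree.
# The stat formats are the FreeBSD and GNU coreutils ones; picked by uname.
gather_listing() {
    case "$(uname -s)" in
        FreeBSD) find "$1" -exec stat -f '%Sp %u %N' {} + ;;
        *)       find "$1" -exec stat -c '%A %u %n' {} + ;;
    esac
}

# audit_listing UID PREFIX... : read a listing on stdin, print findings,
# return 1 if any were found, 0 otherwise.
audit_listing() {
    uid=$1; shift
    findings=0
    while read -r mode owner path; do
        [ -n "$path" ] || continue
        # In a symbolic mode the set-uid bit sits in the 4th character
        # (-r-sr-xr-x) and the set-gid bit in the 7th (-rwxr-sr-x).
        case "$mode" in
            ???[sS]*|??????[sS]*)
                if [ "$owner" != 0 ]; then
                    printf 'SETID-NOT-ROOT %s %s %s\n' "$mode" "$owner" "$path"
                    findings=1
                fi ;;
        esac
        if [ "$owner" = "$uid" ]; then
            inscope=0
            for prefix in "$@"; do
                case "$path" in
                    "$prefix"/*) inscope=1; break ;;
                esac
            done
            if [ "$inscope" -eq 0 ]; then
                printf 'OUT-OF-SCOPE %s %s %s\n' "$mode" "$owner" "$path"
                findings=1
            fi
        fi
    done
    return "$findings"
}

# Constructed sample listing (not real output from the poster's machine):
# su owned by the user, a correctly owned passwd, in-scope home/mnt files,
# and one stray file under /usr/local.
SAMPLE_LISTING='-r-sr-xr-x 1001 /usr/bin/su
-r-xr-xr-x 0 /usr/bin/id
-r-sr-xr-x 0 /usr/bin/passwd
drwxr-xr-x 1001 /home/rocketmouse
-rw-r--r-- 1001 /home/rocketmouse/.login
-rw-r--r-- 1001 /mnt/data/notes.txt
-rwxr-xr-x 1001 /usr/local/bin/stray'

# run_sample: audit the constructed listing as uid 1001 with /home and
# /mnt in scope.  Expected findings: su twice (set-uid not root, and
# out of scope) and /usr/local/bin/stray once; exit status 1.
run_sample() {
    printf '%s\n' "$SAMPLE_LISTING" | audit_listing 1001 /home /mnt
}

# Live use would be:  gather_listing /usr | audit_listing 1001 /home /mnt
run_sample || echo "audit found problems (exit status $?)"
```

The set-uid bit grants the file owner's uid, not root's, so an su owned by
rocketmouse runs as rocketmouse and cannot switch users at all; that is why
the first report above shows su failing until the owner is put back to root.
Running the live form over / rather than /usr catches the same mistake in
/bin, /sbin and /usr/local/libexec, which the manual check skipped.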
