Bug 49879 - cvs should be setuid root in dev-util/cvs
Summary: cvs should be setuid root in dev-util/cvs
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Rainer Größlinger (RETIRED)
Reported: 2004-05-03 11:52 UTC by Ryan C. Gordon
Modified: 2004-05-22 20:08 UTC


Attachments
proposed changes for xinetd config (cvspserver.xinetd.d.diff, 57 bytes, patch)
2004-05-22 16:48 UTC, Rainer Größlinger (RETIRED)
proposed changes for cvs-1.11.16-r1 (cvs-1.11.16.ebuild.diff, 994 bytes, patch)
2004-05-22 16:49 UTC, Rainer Größlinger (RETIRED)

Description Ryan C. Gordon 2004-05-03 11:52:37 UTC
Unless /usr/bin/cvs is setuid root, it can't change users, which makes it unusable for serving multiple anonymous read-only clients.

Details and discussion:
    http://mail.gnu.org/archive/html/info-cvs/2001-06/msg00071.html

cvs in portage works fine as-is for client usage.

--ryan.
Comment 1 Ryan C. Gordon 2004-05-03 16:16:35 UTC
Wanted to follow up on this, and correct my report:

cvs gets installed into xinetd to run in pserver mode as user "cvs" and group "cvs". This breaks anonymous pserver access, since non-root binaries can't setuid() to a different user, which pserver does for security...in dropping root privs like this, it doesn't need to run as a "cvs" user in the first place.

However, setting the suid bit on /usr/bin/cvs so it runs as root breaks cvs-over-ssh in other strange ways. Details here:
    https://bugzilla.icculus.org/show_bug.cgi?id=1646

The solution appears to be running the pserver as root in xinetd (which lets it change users and drop privs), and NOT setting the suid bit on the binary (so users working over ssh get the right permissions...in this case, the cvs binary has to be run as the user that ssh'd into the server, and not root).

So I guess the actual bug solution is not tagging the binary as suid root, but instead:

 - change the xinetd entry for cvspserver to run as root, not the user "cvs".
 - Don't make the cvs user/group in the ebuild at all? I don't think it's necessary in light of this...?

Sorry for the misinformation in the original bug report, but the issue was a little deeper than I originally believed it to be.

Thanks,
--ryan.
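The configuration Ryan describes, as an added example that is not part of the bug report or of the attached Gentoo patches: the broken xinetd entry (pserver started as user "cvs", which then cannot setuid() to the client's user) beside the corrected one (started as root, letting pserver drop privileges itself), plus a check that /usr/bin/cvs is not setuid. The xinetd service text, the CVSROOT path and the temporary file standing in for the cvs binary are constructed for illustration; only the `user`/`server`/`server_args` keys and the `--allow-root`/`pserver` arguments are real xinetd and cvs syntax.

```shell
#!/bin/sh
# Added example (not code from bug 49879 or the dev-util/cvs ebuild).
# Verifies the two conditions this bug settled on for a pserver host:
#   1. /usr/bin/cvs must NOT be setuid root, or cvs-over-ssh runs as root
#      instead of the user who logged in.
#   2. xinetd must start cvspserver as root, so that pserver itself can
#      setuid() to the authenticated user and drop its privileges.

# Print the value of "user = ..." inside the "service cvspserver" block.
# $1: path to an xinetd service file (constructed in write_fixture below).
xinetd_service_user() {
    awk '
        /^[[:space:]]*service[[:space:]]+cvspserver/ { in_svc = 1 }
        in_svc && /^[[:space:]]*user[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); print; exit
        }
        in_svc && /^[[:space:]]*}/ { in_svc = 0 }
    ' "$1"
}

# Print "ok" and return 0 when the binary is not setuid and xinetd runs
# the service as root; otherwise print each failing condition and return 1.
# $1: cvs binary, $2: xinetd service file
check_pserver_setup() {
    bin="$1"; conf="$2"; rc=0
    if [ -u "$bin" ]; then
        echo "FAIL: $bin is setuid; cvs over ssh would run as root, not as the ssh user"
        rc=1
    fi
    user=$(xinetd_service_user "$conf")
    if [ "$user" != "root" ]; then
        echo "FAIL: cvspserver runs as '${user:-<unset>}'; a non-root pserver cannot setuid() to the client's user"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

# Write the constructed before/after xinetd files and a stand-in for the
# cvs binary (a plain mode-0755 file) into directory $1.
write_fixture() {
    cat > "$1/cvspserver.broken" <<'EOF'
service cvspserver
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = cvs
    group       = cvs
    server      = /usr/bin/cvs
    server_args = -f --allow-root=/var/cvsroot pserver
}
EOF
    # Same service, but started as root: pserver drops privileges itself.
    cat > "$1/cvspserver.fixed" <<'EOF'
service cvspserver
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/bin/cvs
    server_args = -f --allow-root=/var/cvsroot pserver
}
EOF
    : > "$1/cvs"
    chmod 755 "$1/cvs"
}

# Stand-alone demonstration; failures are tolerated so the script itself
# exits cleanly either way.
demo_dir=$(mktemp -d)
write_fixture "$demo_dir"
check_pserver_setup "$demo_dir/cvs" "$demo_dir/cvspserver.broken" || :
check_pserver_setup "$demo_dir/cvs" "$demo_dir/cvspserver.fixed" || :
rm -rf "$demo_dir"
```

On a real host the check is `check_pserver_setup /usr/bin/cvs /etc/xinetd.d/cvspserver`; the `[ -u ]` test is the same bit `ls -l` shows as an `s` in the owner execute position.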
Comment 2 Rainer Größlinger (RETIRED) gentoo-dev 2004-05-07 04:27:57 UTC
Sorry, it took me some time to comment on this :)

I am currently looking for our cvs server admin, so that we can fix this issue for people who want to run a server for sure.

I hope to get this solved over the weekend.
Comment 3 Rainer Größlinger (RETIRED) gentoo-dev 2004-05-22 16:25:42 UTC
I will attach proposed fixes for the ebuild/xinetd file soon.
Please review then :)
Comment 4 Rainer Größlinger (RETIRED) gentoo-dev 2004-05-22 16:48:50 UTC
Created attachment 31856
proposed changes for xinetd config
Comment 5 Rainer Größlinger (RETIRED) gentoo-dev 2004-05-22 16:49:25 UTC
Created attachment 31857
proposed changes for cvs-1.11.16-r1
Comment 6 Rainer Größlinger (RETIRED) gentoo-dev 2004-05-22 16:50:01 UTC
The ebuild diff also contains the "doc" USE additions proposed by jmglov.

Sorry that I didn't separate them :/
Comment 7 Josh Glover (RETIRED) gentoo-dev 2004-05-22 17:32:24 UTC
I have tested scandium's proposed changes, and I can get pserver working using the normal methods. Go for it, scandium! :)
Comment 8 Rainer Größlinger (RETIRED) gentoo-dev 2004-05-22 17:47:24 UTC
committed
Comment 9 Ryan C. Gordon 2004-05-22 20:08:09 UTC
You guys rock, as usual.  :)

Thanks for your attention!

--ryan.