Bug 185979

Summary:	net-p2p/dbhub suid USE flag
Product:	Gentoo Linux	Reporter:	Sven E. <dark>
Component:	[OLD] Unspecified	Assignee:	Gentoo net-p2p team <net-p2p>
Status:	RESOLVED FIXED
Severity:	enhancement
Priority:	High
Version:	2006.1
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Ebuild for current version of dbhub including switch user Replacement for the dbhub-gentoo.patch file Ebuild with siwtch_user support ebuild for new version 0.451

Description Sven E. 2007-07-20 12:47:31 UTC

DB Hub has the feature to suid, if feature is enabled. A corresponding useflag might be usefull.


Reproducible: Always

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2007-07-20 14:23:42 UTC

For what exactly would this be useful? An additional potential security hole to install the binary suid?

Comment 2 Sven E. 2007-07-20 14:38:12 UTC

Okay, this was a little misleading. The feature enables basicly to run dbhub as root (as in: root user starts it), keeps the bind capability for priviledged ports, then suid to the given user and thus dropping the root priviliedges.
If you know of an alternative, to accomplish the same thing, whithout enabling the user switching (suid to unpriviledged) I'd be glad to know.

Comment 3 Sven E. 2007-10-13 03:13:29 UTC

Created attachment 133284 [details, diff]
Ebuild for current version of dbhub including switch user

Since this is still open and there's no ebuild for the new version yet, I supply an updated ebuild with a 'switchuser' useflag.

Comment 4 Sven E. 2007-10-13 03:14:25 UTC

Created attachment 133285 [details, diff]
Replacement for the dbhub-gentoo.patch file

Made new patch to go with new ebuild.

Comment 5 Sven E. 2007-11-26 21:03:57 UTC

Created attachment 137076 [details]
Ebuild with siwtch_user support

Since noone ever took care of adding support for this, here is a corrected ebuild for dbhub-0.450. Make sure, to grab the lstest 0.450 package or otherwise dbhub will not compile with siwtch_user enabled.

Comment 6 Sven E. 2007-11-26 21:06:27 UTC

Since the switch_user (resp. suid) use flag was not incorporated into the ebuild after the update to the new version, I reopened this. Maybe someone is grateful enough to commit this into portage (maybe as 0.450-r1?).

Comment 7 Raúl Porcel (RETIRED) gentoo-dev

2007-12-17 20:59:50 UTC

Fails to compile for me with that enabled

Comment 8 Sven E. 2007-12-17 21:39:05 UTC

Did you get the correct updated package? The one in the distfiles mirrors is outdated and broken - although they carry the same version, the packages differ.

(In reply to comment #7)
> Fails to compile for me with that enabled
>

Comment 9 Sven E. 2008-02-09 23:45:20 UTC

Created attachment 143063 [details]
ebuild for new version 0.451

Version bump to new dbhub version.
Support for switch_user (useflag).
New useflag debug.

Maybe this time somebody is capable of adding this to portage and add stuff to the ebuild, that might be mising (i.e. disable stripping when debug is in USE flags).

Comment 10 Raúl Porcel (RETIRED) gentoo-dev

2008-02-25 14:48:57 UTC

In CVS