deuce authored
to track down the issue, I finally gave up... as a result, there is a new feature! Linux will no longer completely drop its root privs (It never really did anyways, and you couldn't possibly make it... but now it does so even less). As a result, Linux can now recycle all servers when running as non-root.

From a security standpoint, doing this is more secure than running as root, but less secure than the behaviour on POSIX.4 compliant pthreads. Running the BBS as root means that if a user can create a file with the name of his choice, or pass *any* command through to a shell, that user will get root access to the machine. Using the new behaviour, the user would need to trick the Synchronet binary itself into executing arbitrary and specially crafted code... probably using the dreaded buffer overflow... of which there are probably some in the web server code. :-) If the user can do this much more tricky feat, then the user gets root privs. If not, the user will have to find something else to exploit on your system.

Knowing that some *BSD users (surely not OpenBSD users though) will want to trade security for convenience, I stole a page out of the Sendmail book and implemented a "DONT_BLAME_SYNCHRONET" make option. Compiling like this:

    gmake DONT_BLAME_SYNCHRONET=1

will implement this same behaviour on non-Linux platforms, allowing this partial security feature.
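The trade-off the commit message describes, as an added example in C that is not Synchronet's code and does not model the LinuxThreads-era per-thread uid behaviour the message refers to: a revocable drop (effective IDs only, saved set-user-ID still 0) next to an irrevocable one (setresuid/setresgid on all three IDs), plus a self-check a server can run after dropping to confirm which state it ended up in. The uid/gid 65534 in the demo is an assumed unprivileged account.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Revocable drop: only the effective IDs change; the saved set-user-ID
 * stays 0, so the process (or code injected into it) can seteuid(0) later.
 * This is the "partial" model: convenient for re-binding privileged ports
 * when recycling servers, but any code-execution bug still yields root. */
int drop_privs_revocable(uid_t uid, gid_t gid) {
    if (setegid(gid) != 0) return -1;
    if (seteuid(uid) != 0) return -1;
    return 0;
}

/* Irrevocable drop: real, effective and saved IDs all change, so there is
 * no way back to uid 0. Groups go first, while the process is still root. */
int drop_privs_irrevocable(uid_t uid, gid_t gid) {
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    return 0;
}

/* Post-drop self-check: returns 1 if the process can still become root,
 * 0 if not. If the probe succeeds, the dropped euid is restored. */
int can_regain_root(void) {
    uid_t euid = geteuid();
    if (euid == 0) return 1;          /* never actually dropped */
    if (seteuid(0) == 0) {            /* saved set-user-ID was still 0 */
        seteuid(euid);
        return 1;
    }
    return 0;
}

int main(void) {
    /* Constructed demo: the difference is only visible when started as root. */
    if (getuid() != 0) { puts("start as root to see the difference"); return 0; }
    if (drop_privs_revocable(65534, 65534) != 0) return 1;
    printf("revocable drop:   can regain root? %d\n", can_regain_root());
    seteuid(0);                       /* back to root for the second drop */
    if (drop_privs_irrevocable(65534, 65534) != 0) return 1;
    printf("irrevocable drop: can regain root? %d\n", can_regain_root());
    return 0;
}
```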