Ubuntu
dcc package

dcc-client configuration fails / security problem?

Bug #32324 reported by Herbert Thielen
2
Affects Status Importance Assigned to Milestone
dcc (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

When installing dcc-client initially on breezy, it was configured by apt before dcc-common.

During the configuration of dcc-client, the dcc-client.postinst tries to chown some programs to dcc.dcc - but this user/group aren't available yet, but only when dcc-common is configured.

This results in set-uid-root programs, which should be set-uid dcc:
# ls -l /usr/bin/dccproc
-rwsr-xr-x 1 root root 420216 Apr 14 2005 /usr/bin/dccproc
# ls -l /usr/sbin/dccifd
-rwsr-xr-x 1 root root 465944 Apr 14 2005 /usr/sbin/dccifd

From the installation log:

Setting up dcc-client (1.2.74-2) ...
chown: `dcc.dcc': invalid user
chown: `dcc.dcc': invalid user
Starting DCC program interface daemon: dccifdstart-stop-daemon: group `dcc' not found
 (Success)
invoke-rc.d: initscript dcc-client, action "start" failed.

Setting up dcc-common (1.2.74-2) ...
Adding system group: dcc.
Adding group `dcc' (116)...
Done.
Adding system user: dcc.
Adding system user `dcc'...
Adding new user `dcc' (113) with group `dcc'.
Not creating home directory.
Updating DCC map.
Updating DCC map.

Revision history for this message
William Grant (wgrant) wrote :

How's this on Dapper, Edgy, Feisty, or Gutsy?

Changed in dcc:
status: Unconfirmed → Needs Info
importance: Medium → Undecided
Revision history for this message
Herbert Thielen (thielen) wrote :

Just tried it again on feisty. The package dcc-client is no longer existant, it's functionality is provided by dcc-server now.

I tried to install dcc-server with apt-get, which worked fine regarding this bug report - in my opinion, it can be closed.
The warnings during the installation of dcc-common should be addressed in another bug report.

Here's part of the installation log for reference:

Setting up dcc-common (1.3.42-4) ...
Adding system group: dcc.
Adding group `dcc' (GID 128) ...
Done.
Adding system user: dcc.
Adding system user `dcc' (UID 104) ...
Adding new user `dcc' (UID 104) with group `dcc' ...
Not creating home directory `/var/lib/dcc'.
read: 65: Illegal option -n
Warning, no random device found, password might be insecure
read: 65: Illegal option -n
Warning, no random device found, password might be insecure
Updating DCC map.

Setting up dcc-server (1.3.42-4) ...

# ls -l /usr/bin/dccproc
-rwsr-sr-x 1 dcc dcc 456224 2006-11-13 05:22 /usr/bin/dccproc
# ls -l /usr/sbin/dccifd
-rwsr-sr-x 1 dcc dcc 514304 2006-11-13 05:22 /usr/sbin/dccifd

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for dcc (Ubuntu) because there has been no activity for 60 days.]

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.