dcc-client configuration fails / security problem?
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dcc (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When installing dcc-client initially on breezy, it was configured by apt before dcc-common.
During the configuration of dcc-client, the dcc-client.postinst tries to chown some programs to dcc.dcc - but this user/group aren't available yet, but only when dcc-common is configured.
This results in set-uid-root programs, which should be set-uid dcc:
# ls -l /usr/bin/dccproc
-rwsr-xr-x 1 root root 420216 Apr 14 2005 /usr/bin/dccproc
# ls -l /usr/sbin/dccifd
-rwsr-xr-x 1 root root 465944 Apr 14 2005 /usr/sbin/dccifd
From the installation log:
Setting up dcc-client (1.2.74-2) ...
chown: `dcc.dcc': invalid user
chown: `dcc.dcc': invalid user
Starting DCC program interface daemon: dccifdstart-
(Success)
invoke-rc.d: initscript dcc-client, action "start" failed.
Setting up dcc-common (1.2.74-2) ...
Adding system group: dcc.
Adding group `dcc' (116)...
Done.
Adding system user: dcc.
Adding system user `dcc'...
Adding new user `dcc' (113) with group `dcc'.
Not creating home directory.
Updating DCC map.
Updating DCC map.
How's this on Dapper, Edgy, Feisty, or Gutsy?