| Summary: | msec links halt/poweroff/reboot to consolehelper instead of systemctl | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | RPM Packages | Assignee: | Colin Guthrie <mageia> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | ||
| Priority: | Normal | CC: | doktor5000, mageia, mageia, thierry.vignaud, tmb, yvesbrungard |
| Version: | Cauldron | Keywords: | PATCH |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5TOO | ||
| Source RPM: | msec-1.11-2.mga5.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | 18159 | ||
| Bug Blocks: | |||
| Attachments: | Use systemctl instead of consolehelper | ||
|
Description
David Walser
2015-06-06 01:09:49 CEST
David Walser
2015-06-06 01:10:23 CEST
CC:
(none) =>
mageia, thierry.vignaud
David Walser
2015-06-06 01:10:59 CEST
Component:
Security =>
RPM Packages
Thierry Vignaud
2015-06-08 13:43:51 CEST
Hardware:
i586 =>
All
Thierry Vignaud
2015-06-11 16:19:12 CEST
CC:
(none) =>
mageia At installation, /usr/bin/shutdown already point to consolhelper, with a date of creation the date of installation. I confirm the alteration of halt and poweroff commands. I will propose a patch for this problem. But the question of shutdown must be clarified. CC:
(none) =>
yves.brungard_mageia Ahh, looks like a bug in the systemd package, it's not owning /usr/bin/shutdown. None of the packages have scriplets that are creating that link, so I don't know where it's coming from. Created attachment 6935 [details]
Use systemctl instead of consolehelper
Here a patch to restore the link to ../bin/systemctl instead of consolehelper. It applies to:
halt
reboot
shutdown
poweroff
Note that the poweroff at start is linked to consolehelper (fresh install).
(In reply to papoteur from comment #3) > Note that the poweroff at start is linked to consolehelper (fresh install). Read "shutdown" instead of poweroff. If you've tested this patch, just commit it into git Keywords:
(none) =>
PATCH commit da3c537d80fa90c27a3ff9f2c80082a51d1dbd2c
Author: SARL ENR 68 <david@...>
Date: Fri Aug 28 20:18:29 2015 +0200
Use systemctl instead of consolehelper (mga#16084)
- by papoteur: https://bugs.mageia.org/attachment.cgi?id=6935
---
Commit Link:
http://gitweb.mageia.org/software/msec/commit/?id=da3c537d80fa90c27a3ff9f2c80082a51d1dbd2c
(In reply to David Walser from comment #0) > When you switch to msec SECURE mode, halt/poweroff/reboot are removed and > can't be used by regular users. FWIW, then we would probably also need to patch msec to disable "systemctl reboot" and "systemctl poweroff" when switching to SECURE mode as that is by default allowed for regular users - that is, if you have an active logind session, and it is done without consulting polkit AFAIU. See e.g. https://wiki.archlinux.org/index.php/Allow_users_to_shutdown or in much more detail at http://unix.stackexchange.com/a/209839/83329 CC:
(none) =>
doktor5000 commit ed6bc6f637c308693795fabe1d6fd9cfb095ac69
Author: Papoteur <papoteur@...>
Date: Sun Apr 17 11:35:47 2016 +0200
Use systemctl instead of consolehelper (mga#16084)
---
Commit Link:
http://gitweb.mageia.org/software/msec/commit/?id=ed6bc6f637c308693795fabe1d6fd9cfb095ac69
How to test : First state: $ ls -l /usr/bin/poweroff lrwxrwxrwx 1 root root 16 oct. 4 2015 /usr/bin/poweroff -> ../bin/systemctl $ ls -l /usr/bin/halt lrwxrwxrwx 1 root root 16 oct. 4 2015 /usr/bin/halt -> ../bin/systemctl $ ls -l /usr/bin/reboot lrwxrwxrwx 1 root root 16 oct. 4 2015 /usr/bin/reboot -> ../bin/systemctl $ ls -l /usr/bin/shutdown lrwxrwxrwx 1 root root 13 juin 6 2014 /usr/bin/shutdown -> consolehelper (the last one is not attempted, but there is another bug) In msec, before applying the release 1.15: set ALLOW_REBOOT=no Previous command should disappear. Then set ALLOW_REBOOT=yes each previous command is linked to consolehelper After applying the release 1.15 set ALLOW_REBOOT=no Previous command should disappear. Then set ALLOW_REBOOT=yes each previous command is linked to ../bin/systemctl Advisory set ALLOW_REBOOT=no then yes restores poweroff, halt, shutdown and reboot to ../bin/systemctl instead of consolehelper. Definitely a step forward, however, this is not secure. The direct commands are just shortcuts to running "systemct poweroff|halt|reboot|shutdown". The fact that shortcuts disappear does not prevent the user from running the slightly longer versions. Really all MSEC should do is adjust the policykit policy on these actions and always leave the links in place. They would either work or not according to user permissions while still allowing admins the luxury of the shortcuts (and bin vs. sbin is not the answer here to that!). Draksec does something similar to allow configuration of which tools can run without root privs. It writes out an auth function and then the rules check the results of that function. See the code in draksec binary (perl) for how/where it writes the polkit auth function and the file org.mageia.draksec.rules for how it's used. You could do something similar to control these commands in systemd (overriding the default policies). This would be the correct way to solve this problem, removal of the symlinks is not enough. Thanks Colin for pointing the way do to it better. I will have a look, although I'm not Perl fluent. Papoteur Thanks to both of you. If you do enhance this as Colin suggested, please ensure that it does still restore the symlinks if they're missing.
claire robinson
2016-04-19 10:29:08 CEST
Blocks:
(none) =>
18159
Thomas Backlund
2016-04-21 17:02:22 CEST
Blocks:
18159 =>
(none) An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGAA-2016-0067.html Status:
NEW =>
RESOLVED |