Not logged in
Log in now
Create an account
Subscribe to LWN
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
GNU virtual private Ethernet
Pondering the X client vulnerabilities
Posted May 30, 2013 17:45 UTC (Thu) by anselm (subscriber, #2796)
There's nothing wrong with Qt in general.
I would however be very suspicious of any SUID program that required the use of »network support and threading primitives«, whether it is based on Qt or anything else. (The X server comes to mind but that's another story.) If nothing else it should be possible to structure one's X client program such that any code that needs special privileges is put into a minimal separate executable that can then be SUID – and nowadays there are various other approaches one could take that may make SUID completely unnecessary in this context.
Posted May 30, 2013 17:48 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
So you need at least have the code to parse config files to be run as root.
Posted May 30, 2013 22:27 UTC (Thu) by nix (subscriber, #2304)
Posted May 30, 2013 23:12 UTC (Thu) by anselm (subscriber, #2796)
Since when is BIND a SUID-root X11 client?
Posted Jun 3, 2013 13:54 UTC (Mon) by nix (subscriber, #2304)
Qt is not just about GUI stuff, and hasn't been for as long as KDE has been using it, pretty much. (It only got properly separated out in Qt 4, though.)
Posted Jun 3, 2013 14:21 UTC (Mon) by anselm (subscriber, #2796)
Nobody needs to use Qt's threading and networking primitives when running SUID root, which is a completely different ballgame than running as root as a daemon.
There's probably nothing wrong with using the non-GUI parts of Qt to implement a threaded networking daemon, if one doesn't mind the Qt haters' jumping all over one. But such a daemon would not run SUID root; it would be started as root initially (from something like SysV init or systemd) and then drop its root privileges ASAP.
It was actually Cyberax who claimed that »It's actually EXTREMELY common to have networked programs to be SUIDed«. This is apparently so common that so far he hasn't managed to come up with one single example.
Posted Jun 5, 2013 20:09 UTC (Wed) by nix (subscriber, #2304)
Posted May 30, 2013 23:15 UTC (Thu) by anselm (subscriber, #2796)
Programs that need to open ports below 1024 for listening are not usually X clients. They are servers/daemons that are commonly run as root to begin with (and drop their privileges as soon as they can), rather than SUID-root programs. This is a completely different ball game.
Posted May 31, 2013 10:45 UTC (Fri) by jschrod (subscriber, #1646)
I'm using Linux and Unix since many decades, and I'm not aware of them, but willing to learn more. (I've got daemons that bind to ports, but they are not suid, they are started by root. Even an X server is most often not suid nowadays, with xdm and friends.)
Posted May 31, 2013 15:26 UTC (Fri) by hummassa (subscriber, #307)
in my 5308-packages-installed Kubuntu desktop, I found ONE setuid file linked with X libs: kppp (and none setgid). One moment of googling, and I found this:
> Why is KPPP installed with the setuid bit on?
> There is no need for the setuid bit, if you know a bit of UNIX® systems administration. Simply create a modem group, add all users that you want to give access to the modem to that group and make the modem device read/writable for that group. Also if you want DNS configuration to work with KPPP, then /etc/resolv.conf must be read/writable by the members of that group. The same counts for /etc/ppp/pap-secrets and /etc/ppp/chap-secrets if you want to use the built-in PAP or CHAP support, respectively.
> The KPPP team has lately done a lot of work to make KPPP setuid-safe. But it's up to you to decide if you install and how you install it.
I will not bother with it, for now...
Posted May 31, 2013 15:32 UTC (Fri) by jschrod (subscriber, #1646)
FTR: I didn't want to question that there aren't suid X programs. I question that this happens to be "EXTREMELY common" and that access to low network ports is the reason to be so.
Posted May 31, 2013 18:58 UTC (Fri) by hummassa (subscriber, #307)
Posted May 30, 2013 19:41 UTC (Thu) by richmoore (subscriber, #53133)
The problem reported against Qt was simply someone using something incorrectly, and being told they've done so, then complaining it doesn't work. A couple of the issues spotted were genuine bugs, and should be addressed (I'm not aware that they actually filed them btw) but they aren't security holes in Qt.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds