speechd-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

running speech-dispatcher as non-root using setuid on XO and accompanyin


From: Hemant Goyal
Subject: running speech-dispatcher as non-root using setuid on XO and accompanying security issues
Date: Thu, 17 Jul 2008 17:21:57 +0530

Hi James,

> It is like putting a hole through a city wall into a house which is
> built against the wall, and then telling the city guards to stand
> outside the house as well as the city gate.
>
> Practical, very handy, but extends the safety barrier to include the
> setuid program code.
>
> It means the city guards need to trust the owner of the house.  Because
> the house is a new attack vector.  The walls of the house might be
> thinner than the city walls.
>
> It means the code that is running setuid has to be trusted.  Because
> this new code is a new attack vector ... if it can be asked to open or
> write files, then it can attack a filesystem.
>

Thanks for elaborating the problem in such simple words :). So we can
never tell what just might happen in case some nasty piece of codes
runs through the speech-dispatcher binary... Can't we test and sign
the binaries or something like that? I agree it will add to the burden
of carefully testing speech-dispatcher every time we use an updated
binary however.

> I recall earlier discussion about it or something else.  Is there a way to
> rewrite it to not require root?  Almost every other activity does not
> require root, or obtains it through a carefully controlled mechanism via
> the kernel.

Well sugar-control-panel is what runs as non-root and which would
modify the speech-dispatcher configuration files. Since I got the
setuid idea I have relocated the configuration files of
speech-dispatcher to /home/olpc/.speechd from /etc/speech-dispatcher.

> Can you tell me what syscall fails if it is not root?  strace may be
> helpful.

[hemant at dhcppc0 devel]$ /usr/bin/speech-dispatcher
Can't create pid file in /var/run/speech-dispatcher.pid, wrong permissions?

===================================================================================================================
Strace Output:

open("/var/run/speech-dispatcher.pid", O_RDONLY) = 3
fcntl64(3, F_GETLK, {type=F_UNLCK, whence=SEEK_SET, start=1, len=3, pid=1}) = 0
close(3)                                = 0
unlink("/var/run/speech-dispatcher.pid") = -1 EACCES (Permission denied)
open("/var/run/speech-dispatcher.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666)
= -1 EACCES (Permission denied)
write(2, "Can\'t create pid file in /var/ru"..., 76Can't create pid
file in /var/run/speech-dispatcher.pid, wrong permissions?

===================================================================================================================

So I guess it s not able to write a PID file.

Next I tried to relocate where the PID file is written as follows:

[hemant at dhcppc0 devel]$  /usr/bin/speech-dispatcher -P 
/home/hemant/speechd.pid

Now it gets stuck at other locations. Its not able to open a
connection with ALSA and create a log file in/var/log/speechd.log.
======================================================================================================================
Error: can't open logging file /var/log//speechd.log! Using stdout.
-(I can fix this error since its under my control through the RPM
package)

ALSA lib pcm_dmix.c:831:(snd_pcm_dmix_open) unable to create IPC semaphore
 Thu Jul 17 17:10:26 2008 [648100] ALSA ERROR: Cannot open audio
device default (Permission denied)
 Thu Jul 17 17:10:26 2008 [648175] ALSA ERROR: Cannot initialize Alsa
device 'default': Can't open.
======================================================================================================================

The corresponding strace outputs are :
======================================================================================================================
open("/var/log//speechd.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1
EACCES (Permission denied)
open("/var/log//espeak.log", O_WRONLY|O_CREAT|O_TRUNC, 0600) = -1
EACCES (Permission denied)
======================================================================================================================

Thanks for the prompt reply :)

Best,
Hemant



reply via email to

[Prev in Thread] Current Thread [Next in Thread]