Author: Evilham
Date:  
To: dng
Subject: Re: [DNG] systemd allows elevated access from unit files?
Hi there,

On 03/07/2017 at 16:08, dev wrote:
> Sounds like a "won't fix", too:
>
>   "So, yeah, I don't think there's anything to fix in systemd here."
>    - Poettering

>
> Not sure what's more troubling here[1]; the lack of concern, the
> digression from POSIX, or the bug/backdoor itself. Maybe all three.
>
> useradd 0day works on Devuan. adduser 0day does not. Which is correct?


I had this discussion yesterday, so here are my 2 cents :-).

It is quite inconsistent what a "valid username" is; apparently it has
gotten better.

According to POSIX, a valid username may include: a-z, A-Z, 0-9, ., -, _
Where "-" cannot appear at the beginning. There is no further
restriction on the other chars.
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_435

So, useradd works because it's lower level; adduser does not, because it
comes from shadow and they have more restrictions on what a valid name
is. IMHO that's a bug in shadow.
https://github.com/shadow-maint/shadow/blob/master/libmisc/chkname.c#L52

It is not possible, for example, to execute: adduser name.lastname, which
is a valid POSIX username (but useradd name.lastname works fine).

The biggest issue with that systemd bug is that it should refuse to run
the unit instead of overriding what the sysadmin wrote and running as root.

But hey, that's why we are here on Devuan.

(Maybe we should file a bug on bugs.devuan.org + bugs.debian.org +
shadow repo against shadow?)
--
Evilham
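The two points in the message above, the POSIX character set for user names and the fail-closed handling of User= that the post argues systemd should have, as an added example that is not part of the thread and not code from systemd, shadow or adduser. The passwd table is a constructed stand-in for /etc/passwd, and the stricter pattern is an illustration of the kind of check adduser/shadow apply, not a copy of either project's regex.

```python
"""Username validation and fail-closed User= handling (added example).

Not code from the DNG thread or from systemd/shadow/adduser.  PASSWD is
a constructed dict standing in for /etc/passwd; STRICT_USERNAME is an
illustration of the stricter shadow/adduser-style rule, not their code.
"""
import re

# POSIX portable user-name rule as cited in the post: [A-Za-z0-9._-],
# with '-' not permitted as the first character.
POSIX_USERNAME = re.compile(r"^[A-Za-z0-9._][A-Za-z0-9._-]*$")

# Stricter pattern in the style of shadow/adduser (assumption): lowercase
# or '_' first, then lowercase, digits, '_' or '-', optional trailing '$'.
STRICT_USERNAME = re.compile(r"^[a-z_][a-z0-9_-]*\$?$")


def posix_valid(name: str) -> bool:
    """True if `name` is a valid user name under the POSIX definition."""
    return bool(POSIX_USERNAME.match(name))


def strict_valid(name: str) -> bool:
    """True if `name` passes the illustrative stricter pattern."""
    return bool(STRICT_USERNAME.match(name))


# Constructed stand-in for /etc/passwd: user name -> uid.
PASSWD = {"root": 0, "0day": 1001, "name.lastname": 1002}


class UnitError(Exception):
    """Raised when User= cannot be honoured; the unit must not be started."""


def resolve_user_fail_open(user_value, passwd=PASSWD):
    """The behaviour the post complains about: a User= value the strict
    check rejects is silently dropped and the service ends up as uid 0."""
    if not user_value or not strict_valid(user_value):
        return 0
    return passwd.get(user_value, 0)


def resolve_user_fail_closed(user_value, passwd=PASSWD):
    """What the post argues for: if User= is present it must name a real
    account, otherwise the unit is refused.  uid 0 is only returned for
    an explicit User=root or when no User= line is present at all."""
    if user_value is None:
        return 0  # no User= line: the manager's own uid (root)
    if not posix_valid(user_value):
        raise UnitError(f"User={user_value!r}: not a valid POSIX user name")
    if user_value not in passwd:
        raise UnitError(f"User={user_value!r}: no such account")
    return passwd[user_value]


if __name__ == "__main__":
    for candidate in ("0day", "name.lastname", "-foo", "evilham"):
        print(f"{candidate:14} posix={posix_valid(candidate)!s:5} "
              f"strict={strict_valid(candidate)}")
    print("fail-open  User=0day ->", resolve_user_fail_open("0day"))
    print("fail-closed User=0day ->", resolve_user_fail_closed("0day"))
    try:
        resolve_user_fail_closed("nobody-here")
    except UnitError as exc:
        print("fail-closed refused:", exc)
```

Run it and the contrast is the whole point of the thread: "0day" is a legal POSIX name that exists in the (constructed) passwd table, the fail-open resolver still hands it uid 0 because its stricter syntax check rejects the name, while the fail-closed resolver returns the account's real uid and refuses outright for anything it cannot resolve.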