ksmarttray and updates

Randy Smith smithr at cs.wisc.edu
Thu Aug 10 07:11:58 PDT 2006 


Basil Chupin wrote:
> Stephen Boddy wrote:
> 
>> On Wednesday 09 August 2006 17:12, Basil Chupin wrote:
>>
>>> Stephen Boddy wrote:
>>>
>>>> Hello Basil, fancy meeting you here :-D
>>>>
>>>> I'm curious what the permissions are on your smart-update binary. It
>>>> appears that by setting mine to setuid I can run smart as a regular 
>>>> user
>>>> and get the blinky icon and it works how I want it to. i.e.
>>>>
>>>> # ls -la `which smart-update`
>>>> -rwsr-xr-x 1 root root 4464 Jul 30 18:09 /usr/bin/smart-update
>>>>
>>>> This is the command that ksmarttray runs every five minutes. This is a
>>>> small wrapper program for running "smart update --after 60", which will
>>>> only perform the update if it has been at least 60 minutes since the 
>>>> last
>>>> update.
>>>>
>>>> Regards
>>>
>>> The permissions are no different to what you have:
>>>
>>> -rwxr-xr-x 1 root root 4464 Aug  7 01:25 smart-update
>>>
>>> And I haven't touched anything.
>>
>>
>> Look a little closer Basil. I have set my binary with the suid bit 
>> (the s in -rwsr-xr-x). I made that change, and it is different to 
>> yours. It was the only way I could get ksmarttray to perform the 
>> channel update, and then blink, without running ksmarttray as root.
> 
> 
> I didn't miss the "s"; I know that you mentioned it in your earlier 
> message. But I didn't refer to it (I should have) because I was thinking 
> about your inability to have the icon blinking unless you did the suid 
> "fix" whereas mine blinks without me touching anything.
> 
> However, I will restate what I stated earlier - and I hope that the 
> authors of smart take note - that a user should NOT be allowed to 
> upgrade the system and therefore, even if a root does alter the 
> permissions of the file as you have, there should be a check done to 
> disallow an update if it is being done without first having to enter the 
> root password.
> 
> I would consider this as a SECURITY HOLE for any Linux system using smart.
> 
> [pruned]
> 
> 
> Cheers.
> 

Right, such behavior should be considered a security hole.  However, I 
think there are two issues here that should be considered separately:
1.  perform channel update and do the blink.
2.  upgrade the system.

(1) should be able to happen automatically if user is running ksmarttray
(2) should require root access


if running smart-update suid root enables (1) while still requiring the 
root pw for (2), then I don't see that as a problem.

More information about the Smart mailing list