Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#274 closed enhancement (fixed)

Enhanced run_email2trac to support supplementary groups

Reported by: Dennis McRitchie <dmcr@…> Owned by: bas
Priority: major Milestone: Release 2.4.5
Component: email2trac Version: 2.4.2
Keywords: Cc:

Description

Hi Bas,

We are now using a more secure approach to group ownership and file permissions that supports 1) webserver r/w access, 2) r/w access by selected users who are logged in via ssh, and 3) no other r/w access.

The idea is to create a supplementary group whose only members are the webserver user, and the selected ssh users. World access is then removed from all dual-access files (i.e., files writable via webserver and ssh). Thus, with a umask of 007 and the gid bit set, all created dual-access files are group-writable by users belonging to the special supplementary group, and to no one else.

Currently, besides the uid, run_email2trac sets only the gid associated with the trac user. This patch will cause it to also set the supplementary groups associated with the trac user, thus supporting a "best practices" approach to dual-access.

Let me know if you have any questions.

Dennis McRitchie

Attachments (2)

email2trac-2.4.2.patch (1.3 KB) - added by Dennis McRitchie <dmcr@…> 12 years ago.
Patch to support supplementary groups in run_email2trac
email2trac-2.4.2.patch2 (2.1 KB) - added by Dennis McRitchie <dmcr@…> 12 years ago.
Optional support for initgroups()

Change History (9)

Changed 12 years ago by Dennis McRitchie <dmcr@…>

Patch to support supplementary groups in run_email2trac

comment:1 Changed 12 years ago by bas

  • Milestone set to Release 2.X.X
  • Status changed from new to assigned

Thanks for the enhancement. I will apply it. My first thought was that initgroups is not portable.

comment:2 Changed 12 years ago by Dennis McRitchie <dmcr@…>

Good point. Let me look into making the code conditional, and I'll get back to you with a patch.

Dennis

P.S. In reading further about this, I see that another reason for applying the supplementary groups is that if you don't, the current process keeps the supplementary groups associated with the root user, thus opening a possible security hole.

comment:3 Changed 12 years ago by Dennis McRitchie <dmcr@…>

Hi Bas,

OK. I've attached a 2nd patch that makes the initgroups() call conditional on its presence on a given system. Thus if not present, the code will revert to its previous behavior.

The odd thing is that I was unable to find a system that did not have initgroups(). I tested on gcc's back to 2.8.1, and on a SUN 5.6 compiler (dating back to 2004), but all supported initgroups(). Nonetheless, better to be safe than sorry.

So you just need to:

autoconf configure.in >configure

This new 'configure' script will test for initgroups() and set an appropriate definition of HAVE_INITGROUPS in config.h (built from config.h.in, a new file). run_email2trac.c then tests for HAVE_INITGROUPS in 2 places to ensure that the code builds even if initgroups() is not present.

Dennis
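The drop sequence behind this ticket (supplementary groups via initgroups() while still root, then gid, then uid, guarded by HAVE_INITGROUPS as comment:3 describes), written here as an added illustration rather than taken from the attached patch. It also verifies afterwards that the process kept only the target user's groups, which is the leak the P.S. in comment:2 warns about. Assumptions: Linux getgroups() semantics, a 64-entry group buffer, and HAVE_INITGROUPS hard-coded instead of coming from config.h.

```c
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical: in a real build configure writes this macro into config.h. */
#define HAVE_INITGROUPS 1

/* Returns 1 when the gid sets `have` and `want` hold the same members
 * (order and duplicates ignored), 0 otherwise. */
int same_gid_set(const gid_t *have, int nhave, const gid_t *want, int nwant)
{
    for (int i = 0; i < nhave; i++) {
        int found = 0;
        for (int j = 0; j < nwant && !found; j++) found = (have[i] == want[j]);
        if (!found) return 0;
    }
    for (int j = 0; j < nwant; j++) {
        int found = 0;
        for (int i = 0; i < nhave && !found; i++) found = (want[j] == have[i]);
        if (!found) return 0;
    }
    return 1;
}

/* Drop root privileges to `user`: supplementary groups first (while the
 * process is still privileged), then the primary gid, then the uid.
 * Afterwards the kernel's group list is compared with the user's configured
 * groups so that leftover root groups are refused instead of inherited.
 * Returns 0 on success, -1 (errno set) on failure. Linux semantics assumed:
 * getgroups() does not add the egid on its own. */
int drop_to_user(const char *user)
{
    gid_t have[64], want[64];
    int nhave, nwant = 64;
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) { errno = ENOENT; return -1; }
#ifdef HAVE_INITGROUPS
    /* Replaces root's supplementary groups with the user's own set. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
#endif
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Sanity check: what the kernel reports must match /etc/group for the user. */
    if (getgrouplist(pw->pw_name, pw->pw_gid, want, &nwant) == -1) return -1;
    if ((nhave = getgroups(64, have)) < 0) return -1;
    if (!same_gid_set(have, nhave, want, nwant)) { errno = EPERM; return -1; }
    return 0;
}
```

Without HAVE_INITGROUPS the initgroups() call compiles out and the final check is what reports a process that still carries root's supplementary groups.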

Changed 12 years ago by Dennis McRitchie <dmcr@…>

Optional support for initgroups()

comment:4 Changed 12 years ago by bas

Thanks a lot. It will be applied. I also checked a few systems and could not find a system that did not implement initgroups.

comment:5 Changed 12 years ago by bas

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [574]) added support for initgroup, thanks to Dennis McRitchie, closes #274

comment:6 follow-up: Changed 12 years ago by anonymous

Is this really the way it is supposed to work? By the way, what could the error "fatal error access to undeclared static property" mean?

comment:7 in reply to: ↑ 6 Changed 12 years ago by bas

Replying to anonymous:

Is this really the way it is supposed to work? By the way, what could the error "fatal error access to undeclared static property" mean?

What platform and what OS? Where do you get this error message from, and is there something in the log files?
