[Zope] supplemental group ids (Linux)

Bill Anderson bill@libc.org
Wed, 06 Sep 2000 00:23:23 -0600


Kip Rugger wrote:
> 
> Bill Anderson  <bill@libc.org> wrote:
> >Kip Rugger wrote:
> >>
> >> Chris McDonough  <chrism@digicool.com> wrote:
> >> >Apologies for the ignorance, but can you maybe explain the concept
> >> >of supplemental group ids and give an example of how the current unpatched
> >> >behavior could be subverted?
> >>
> >> I can try...
> >>
> >> Supplemental gids are useful for allowing a user to belong to more
> >> than one group, or maybe to more than one project in normal parlance.
> >> This is normally effected by listing the uid opposite more than one
> >> group in /etc/group.  The login process issues the initgroups(3) call
> >> to install these supplemental groups, which are inherited by all
> >> processes forked from the login shell.
> >> The problem comes when you change user ids; for example what I
> >> saw with Zope (start -u nobody) was:
> >>
> >>                      before change           after change
> >>                      =============           ============
> >>      user id             root                   nobody
> >>      group id            root                   nobody
> >>      sup id(s)           root                   root
> >
> >
> >Would you mind describing how you determine this?
> 
> [/proc] $ cat /proc/90/status
> Name:   junkbuster
> State:  S (sleeping)
> Pid:    90
> PPid:   1
> Uid:    101     101     101     101
> Gid:    101     101     101     101
> Groups: 101     <------------------------------ supplemental groups

....

> On my machine 101 is uid and gid for nobody; as you can see
> junkbuster is correctly sandboxed.  For unmodified Zope, you'll
> see a zero in the indicated line (or possibly several values
> if root belongs to several groups like `wheel' on your system).


OK, something is not quite right here.
On my unmodified zope, it is properly 'sandboxed'. Perhaps it is the use of the explicit '-u nobody'? I don't do that on
my system, which causes Zope to run as nobody implicitly.

(When started as root, unless told otherwise, zope will switch to nobody).

Try running without the '-u nobody' switch, and see what happens. Just out of curiosity.

--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.
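
The /proc/<pid>/status check discussed in this thread, automated as an added example that is not part of the original messages or of Zope: it flags non-root processes whose `Groups:` line holds gids beyond what the group database assigns to that user. The function names and both sample status texts are constructed for illustration.

```python
import os
import pwd

# Constructed sample (not from the thread): uid/gid switched to 101, root's groups kept.
SAMPLE_LEAKY = "Name:\tpython\nPid:\t412\nUid:\t101\t101\t101\t101\nGid:\t101\t101\t101\t101\nGroups:\t0 10\n"
# Constructed sample mirroring the junkbuster output quoted in the thread.
SAMPLE_CLEAN = "Name:\tjunkbuster\nPid:\t90\nUid:\t101\t101\t101\t101\nGid:\t101\t101\t101\t101\nGroups:\t101\n"

def parse_status(text):
    """Extract name, effective uid/gid and supplementary groups from status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return {
        "name": " ".join(fields.get("Name", [])),
        "uid": int(fields["Uid"][1]),  # columns: real, effective, saved, fs
        "gid": int(fields["Gid"][1]),
        "groups": {int(g) for g in fields.get("Groups", [])},
    }

def leftover_groups(status, expected=None):
    """Groups a non-root process holds beyond its own gid and `expected`."""
    if status["uid"] == 0:
        return set()
    return status["groups"] - ({status["gid"]} | set(expected or ()))

def expected_groups(uid, gid):
    """Groups initgroups(3) would install for this uid, per the group database."""
    try:
        return set(os.getgrouplist(pwd.getpwuid(uid).pw_name, gid))
    except KeyError:  # uid has no passwd entry
        return {gid}

def scan_proc(proc="/proc"):
    """Map pid -> (name, unexpected groups) for every readable live process."""
    findings = {}
    for entry in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, entry, "status")) as fh:
                st = parse_status(fh.read())
        except (OSError, KeyError, ValueError):
            continue  # process exited, or status was unreadable or incomplete
        extra = leftover_groups(st, expected_groups(st["uid"], st["gid"]))
        if extra:
            findings[int(entry)] = (st["name"], sorted(extra))
    return findings
```

Calling `scan_proc()` on a Linux host lists every process that changed uid and gid without resetting its supplementary groups.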