We have moved to a new Sailfish OS Forum. Please start new discussions there.
16

[fixed in 1.0.3.8] fingerterm runs with elevated privileges (EGID != GID) [answered]

asked 2014-01-04 12:01:50 +0200

hlub gravatar image

updated 2014-02-02 00:58:24 +0200

Typing id in fingerterm reveals that it (and its shell) runs with gid=100000 (nemo) but egid=998 (privileged)

Now this seems to be the norm for most apps (mail, weather) but I think it is not a good idea for a command shell to start with (albeit slightly) elevated privileges

Moreover, perl notices the fact and switches to tainted mode, becoming too paranoid to be usable: (Insecure $ENV{PATH} while running setgid)

I found a solution, adapting (or cloning) /usr/share/applications/fingerterm.desktop to make it run a tiny script:

#!/bin/zsh # sorry, zsh user here...

EGID=$GID # drop elevated privileges (may not work in bash?)
cd # solve the "starting in root directory" problem while we're at it
exec fingerterm

This works, but I think this should be fixed by Jolla eventually

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by hlub
close date 2014-02-02 01:05:19.136709

Comments

In an ssh connection:

[nemo@localhost ~]$ id
uid=100000(nemo) gid=100000(nemo) groups=39(video),100(users),994(alien),995(ssu),996(timed),999(oneshot),1000(system),1002(bluetooth),1003(graphics),1004(input),1005(audio),1006(camera),1024(mtp),100000(nemo)

so what's the need for egid=998?

jsiren ( 2014-01-04 12:05:19 +0200 )edit

@jsiren: When using ssh the problem doesn't arise: then egid=gid. But apparently most apps (including fingerterm) are started with an EGID=998, which may be useful for them, but is unnecessary for a command shell.

hlub ( 2014-01-04 12:10:16 +0200 )edit

2 Answers

Sort by » oldest newest most voted
0

answered 2014-01-04 20:16:20 +0200

Milo gravatar image

updated 2014-01-05 01:54:14 +0200

If you start the fingerterm from ssh, then EGID==GID. The issue is with the /usr/bin/invoker, which is used to launch applications from the app-page.

edit flag offensive delete publish link more

Comments

2

Eventually it is the booster commands (rather than invoker) that have their setgid bits set. A wrapper script probably defeats the purpose of the booster (pre-loading shared resources) - it's up to Jolla how to solve this.

hlub ( 2014-01-05 01:28:47 +0200 )edit
0

answered 2014-02-02 00:59:31 +0200

hlub gravatar image

This issue has been fixed in 1.0.3.8 (Naamankajärvi)

edit flag offensive delete publish link more

Question tools

Follow
4 followers

Stats

Asked: 2014-01-04 12:01:50 +0200

Seen: 409 times

Last updated: Feb 02 '14