From: niko.nastonen@icloud.com
To: Baptiste Daroussin
Cc: "freebsd-pkg@freebsd.org"
Date: Thu, 28 Jul 2022 18:30:37 +0300
Subject: Re: pkg and root privileges
List-Id: Binary package management and package tools discussion
List-Archive: https://lists.freebsd.org/archives/freebsd-pkg
Message-Id: <1FDE9D79-08E1-46E7-83A6-9538D81333A4@icloud.com>
In-Reply-To: <20220728150805.ixev66bv3bhdjdn4@aniel.nours.eu>

The thread on the forum was closed and deleted by moderators due to unsportsmanlike conduct of some very worried about security :-)

pkg indeed needs some review in terms of usage of superuser privileges, in my opinion. Not only fetch, but other parts too, fetch just being probably the most fragile in that sense.

Thanks for your attention.

Br.
Niko

> On 28. Jul 2022, at 18.08, Baptiste Daroussin wrote:
>
> On Tue, Jul 26, 2022 at 07:15:43PM +0300, niko.nastonen@icloud.com wrote:
>> Hi.
>>
>> There was a recent discussion on the FreeBSD forum about security of pkg and its ability to drop root privileges when fetching packages.
>>
>> I couldn't help but notice that there was a git commit
>>
>> fcceab3f with comment "drop privileges when using libfetch"
>>
>> and another one
>>
>> f3b0469e with comment "Stop dropping privileges when fetching as it causes more issues than it solved".
>>
>> Can I ask what kind of issues the first commit introduces and why pkg still goes out to the internet unprotected?
>>
>> In case the issues are already solved by later commits, let me present a silly patch (mostly copied from fcceab3f) for branch "release-1.18" which makes fetch use nobody instead of root.
>>
>> Feel free to modify it to match "the real BSD hacker standards, if applicable" :-)
>>
> I am interested in the thread on the forum, if you can point it out to me.
>
> The reason why it was dropped is because libfetch allows access to many things
> (like ~/.netrc but not only) and many users are using such features of libfetch.
>
> I dropped the "drop of privileges" the time to work on libfetch to make it more
> friendly to the "drop of privileges" which I started but never finished.
>
> Thank you for the reminder, I will move that up on my TODO list for 1.19
>
> Best regards,
> Bapt
>
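
The trade-off discussed in this thread, as an added example that is not pkg's or libfetch's code: a forked fetch-style child drops from root to an unprivileged account and then probes a root-only credentials file, which is the kind of access (such as ~/.netrc) that stops working once privileges are gone. The account name `nobody`, the helper names and the scratch file standing in for root's ~/.netrc are assumptions.

```c
#include <sys/wait.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Added example (not pkg's code). Permanently become `user`: groups, gid, uid.
 * Returns 0 on success, 1 if not root (nothing to drop), -1 on failure. */
int drop_privileges(const char *user)
{
    struct passwd *pw;
    if (geteuid() != 0)
        return 1;
    if ((pw = getpwnam(user)) == NULL || pw->pw_uid == 0)
        return -1;
    if (setgroups(1, &pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;   /* regaining root must now fail */
}

/* Fork a fetch-style child, drop to `user` (assumed: "nobody"), probe `path`.
 * Returns 1 if readable, 0 if not, -1 if the fork or the drop failed. */
int readable_after_drop(const char *user, const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(user) < 0)
            _exit(2);                 /* fail closed: do not go on as root */
        _exit(access(path, R_OK) == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void)
{
    char path[] = "/tmp/netrc_demo_XXXXXX";  /* constructed stand-in for ~/.netrc */
    int fd = mkstemp(path);                  /* mkstemp creates it mode 0600 */
    if (fd < 0)
        return 1;
    printf("readable after drop: %d\n", readable_after_drop("nobody", path));
    close(fd);
    return unlink(path) != 0;
}
```

Run as root with a working `nobody` account it prints 0: the drop succeeded and the 0600 file is out of the child's reach. Run as an ordinary user there is nothing to drop and it prints 1.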