Opened 9 years ago

Closed 9 years ago

#3314 enhancement closed duplicate (duplicate)

Conch plugin always requires privilege escalation

Reported by: Jonathan Lange Owned by:
Priority: normal Milestone:
Component: conch Keywords:
Cc: Branch:
Author:

Description

Conch tries

        os.setegid(0) # gain priviledges
        os.seteuid(0)

even if it doesn't have to have root privileges to get the private keys. For example:

$ twistd -no conch -p 5022 -d testing/keys
/home/jml/Code/Divmod/trunk/Nevow/twisted/plugins/nevow_widget.py:7: DeprecationWarning: mktap and related support modules are deprecated as of Twisted 8.0.  Use Twisted Application Plugins with the 'twistd' command directly, as described in 'Writing a Twisted Application Plugin for twistd' chapter of the Developer Guide.
  from twisted.scripts.mktap import _tapHelper
2008-06-26 17:01:29+1000 [-] Log opened.
2008-06-26 17:01:29+1000 [-] twistd 8.1.0+r23971 (/usr/bin/python 2.5.2) starting up.
2008-06-26 17:01:29+1000 [-] reactor class: twisted.internet.selectreactor.SelectReactor.
2008-06-26 17:01:29+1000 [-] twisted.conch.openssh_compat.factory.OpenSSHFactory starting on 5022
2008-06-26 17:01:29+1000 [-] Starting factory <twisted.conch.openssh_compat.factory.OpenSSHFactory instance at 0x836d7ec>
2008-06-26 17:01:29+1000 [-] Traceback (most recent call last):
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/bin/twistd", line 21, in <module>
2008-06-26 17:01:29+1000 [-]     run()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/scripts/twistd.py", line 27, in run
2008-06-26 17:01:29+1000 [-]     app.run(runApp, ServerOptions)
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/application/app.py", line 680, in run
2008-06-26 17:01:29+1000 [-]     runApp(config)
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/scripts/twistd.py", line 23, in runApp
2008-06-26 17:01:29+1000 [-]     _SomeApplicationRunner(config).run()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/application/app.py", line 411, in run
2008-06-26 17:01:29+1000 [-]     self.postApplication()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/scripts/_twistd_unix.py", line 202, in postApplication
2008-06-26 17:01:29+1000 [-]     self.startApplication(self.application)
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/scripts/_twistd_unix.py", line 295, in startApplication
2008-06-26 17:01:29+1000 [-]     service.IService(application).privilegedStartService()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/application/service.py", line 255, in privilegedStartService
2008-06-26 17:01:29+1000 [-]     service.privilegedStartService()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/application/internet.py", line 85, in privilegedStartService
2008-06-26 17:01:29+1000 [-]     self._port = self._getPort()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/application/internet.py", line 116, in _getPort
2008-06-26 17:01:29+1000 [-]     *self.args, **self.kwargs)
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/internet/posixbase.py", line 328, in listenTCP
2008-06-26 17:01:29+1000 [-]     p.startListening()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/internet/tcp.py", line 764, in startListening
2008-06-26 17:01:29+1000 [-]     self.factory.doStart()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/internet/protocol.py", line 47, in doStart
2008-06-26 17:01:29+1000 [-]     self.startFactory()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/trunk/twisted/conch/ssh/factory.py", line 50, in startFactory
2008-06-26 17:01:29+1000 [-]     self.privateKeys = self.getPrivateKeys()
2008-06-26 17:01:29+1000 [-]   File "/home/jml/Code/Twisted/branches/conch-perf-bug-experiment/twisted/conch/openssh_compat/factory.py", line 24, in getPrivateKeys
2008-06-26 17:01:29+1000 [-]     os.setegid(0) # gain priviledges
2008-06-26 17:01:29+1000 [-] OSError: [Errno 1] Operation not permitted
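
An added example, not part of the original ticket and not Twisted's code: one way to read a host key that escalates only after the unprivileged read has been denied, and restores the previous ids afterwards. The names `escalated` and `read_key_file` and the key file used in the demo are hypothetical.

```python
import os
import tempfile
from contextlib import contextmanager


@contextmanager
def escalated():
    """Temporarily take effective uid/gid 0, then restore the previous ids."""
    euid, egid = os.geteuid(), os.getegid()
    os.seteuid(0)  # PermissionError if neither the real nor the saved uid is root
    try:
        os.setegid(0)
        yield
    finally:
        # Restore the gid first: changing it needs the root euid we still hold.
        os.setegid(egid)
        os.seteuid(euid)


def read_key_file(path, escalate=escalated, opener=open):
    """Return the bytes of a key file, escalating only if the first read is denied.

    `escalate` and `opener` are injectable so the policy can be tested
    without actually being root.
    """
    try:
        with opener(path, "rb") as f:
            return f.read()  # readable as the current user: no escalation at all
    except PermissionError:
        pass  # only now is there a reason to ask for more privilege
    with escalate():
        with opener(path, "rb") as f:
            return f.read()


if __name__ == "__main__":
    # Constructed sample: a key directory owned by the invoking user,
    # like the testing/keys directory in the report above.
    keydir = tempfile.mkdtemp()
    keypath = os.path.join(keydir, "ssh_host_rsa_key")
    with open(keypath, "wb") as f:
        f.write(b"constructed key bytes, not a real key")
    os.chmod(keypath, 0o600)
    print(len(read_key_file(keypath)), "bytes read as euid", os.geteuid())
```
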

Change History (2)

comment:1 Changed 9 years ago by therve

Resolution: duplicate
Status: new → closed

This is a duplicate of #2607.

comment:2 Changed 7 years ago by <automation>

Owner: z3p deleted