Bug 405737 - root user should be able to communicate w/user ORBs via sockets
Status: RESOLVED FIXED
Product: ORBit2
Classification: Deprecated
Component: general
Version: unspecified
Hardware: Other All
Importance: Normal major
Target Milestone: ---
Assigned To: ORBit maintainers
Depends on:
Blocks:
Reported: 2007-02-08 14:09 UTC by bill.haneman
Modified: 2008-09-23 08:11 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description bill.haneman 2007-02-08 14:09:52 UTC
In order for an ORB owned by root to access an IOR exposed by a user-owned ORB, at present IPv4 IIOP communication must be enabled in the root user's .orbitrc.  This potentially exposes a security hole, and it is not obvious that this need be so.

See bug 163132, particularly comments 62, 65, 78, 80.

So - we should move the bug to ORBit2.
pasted from comment 78 of bug #163132:
"Basically IMHO it should be acceptable for an end-user's ORB to accept
connections from the root user.

Indeed, it's rather a mystery as to why this is not (already) the case. Opening
an IPv4 port is a disastrous solution to this problem.

What is necessary is -only- for someone to follow the straces carefully and
work out why a root user is not allowed to connect; isolate that piece of code
(or UDS permissions issue).

It's entirely -possible- that a simple 'chown $USER:root /tmp/orbit-$USER' and
some more suitable permissions on that directory would solve the problem
without any recourse to these insecure & unhelpful solutions :-)

Again - someone needs to buy a copy of Stevens' Unix Network Programming, learn
to use strace, get a suitable environment setup, trace the thing that fails &
which should work, read the ORBit2 code, and fix it :-) this is not beyond the
wit of man, but I cannot do it."
Comment 1 Ariel Rios 2007-02-08 17:27:00 UTC
Bill,

About a month ago I asked Michael about this. I talked with George about it and I have it on my list of TODOS. Depending on the importance of this I can move it way up on the priorities list. And yes, I have Stevens' book.
Comment 2 George Kraft IV 2007-02-12 14:53:44 UTC
Do iptables and/or SELinux protect the system if ORBit2 is using IPv4 IIOP?
Comment 3 Henrik Nilsen Omma 2007-02-12 15:22:57 UTC
"I have it on my list of TODOS. Depending on the importance of this I can move
it way up on the priorities list."

It would certainly be great to be able to ship this with Feisty (final release mid-April).
Comment 4 Michael Meeks 2007-02-12 16:26:21 UTC
Presumably it's not beyond Canonical to be able to resource fixing this themselves? As I say, it shouldn't be impossibly difficult - a few hours of James Henstridge's time (e.g.) ;-)
Comment 5 George Kraft IV 2007-02-12 18:54:19 UTC
FYI, Ariel working on Accessibility::Collection() is his first priority.  I just want to make certain that nobody is waiting on a patch from him.  :-)
Comment 6 Kjartan Maraas 2008-09-21 19:23:10 UTC
Is this in any way related?

2008-08-11  Mike Gorse  <mgorse@novell.com>

        * src/orb/GIOP/giop.c (giop_tmpdir_init): use ORBIT_SOCKETDIR
        to propagate the socket dir to children wherever possible: has
        two benefits: speeds up ORBit2 launch, and allows root owned
        apps to talk to the user's AT.
Comment 7 Michael Meeks 2008-09-23 08:11:04 UTC
Yes indeed, Mike fixed this properly; IIWY I'd turn off any nasty IPv4 local hacks to work around this (that aren't also necessary to work around Java).
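
An added illustration, not ORBit2's code and not written by anyone in this thread, of the approach the ChangeLog entry in comment 6 describes: a process prefers the socket directory inherited through `ORBIT_SOCKETDIR` and falls back to `/tmp/orbit-$USER`, so a root-owned child can reach the user's Unix domain sockets without IPv4 IIOP. The function names, the acceptance policy (real directory, no group/other access, owned by the caller unless the caller is root) and the user name `alice` are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy: accept only an absolute path to a real directory (lstat, so
 * a symlink is rejected) that is closed to group and other, and is owned by
 * the caller, unless the caller is root, which may use a user's private dir. */
int socket_dir_ok(const char *dir, uid_t caller)
{
    struct stat st;

    if (dir == NULL || dir[0] != '/' || lstat(dir, &st) != 0)
        return 0;
    if (!S_ISDIR(st.st_mode))
        return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return 0;
    return st.st_uid == caller || caller == 0;
}

/* Prefer the directory inherited through ORBIT_SOCKETDIR; fall back to the
 * per-user default /tmp/orbit-<user> when it is unset or fails the check.
 * Returns 1 if the inherited dir was used, 0 on fallback, -1 if truncated. */
int pick_socket_dir(const char *user, uid_t caller, char *out, size_t len)
{
    const char *inherited = getenv("ORBIT_SOCKETDIR");
    int n, used = socket_dir_ok(inherited, caller);

    if (used)
        n = snprintf(out, len, "%s", inherited);
    else
        n = snprintf(out, len, "/tmp/orbit-%s", user);
    return (n < 0 || (size_t)n >= len) ? -1 : used;
}

int main(void)
{
    char dir[4096];
    int used = pick_socket_dir("alice", geteuid(), dir, sizeof dir); /* constructed user name */

    if (used < 0)
        return 1;
    printf("%s (%s)\n", dir, used ? "inherited" : "default");
    return 0;
}
```

With this policy a directory that is group- or world-accessible is ignored even when the environment variable points at it, so a loosened directory cannot redirect a privileged process.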