[Xastir] Help with permissions
Tom Russo
russo at bogodyn.org
Tue Aug 15 14:36:07 PDT 2017
On Tue, Aug 15, 2017 at 04:21:45PM -0400, we recorded a bogon-computron collision of the <rob at nollmail.com> flavor, containing:
>
> At the moment, my solution is to set the SUID bit on the Xastir binary.
> This is allowing Xastir to set the system time and seems to solve my
> problem. However, I'm unclear as to whether this is an excessive security
> risk and/or a bad method of doing things. One Xastir page mentions that
> this method is necessary to use an AX.25 server, but another page mentions
> in capital letters not to run Xastir as root. I do not know if setting the
> SUID bit is the same as running it as root but it seems like it would be.

Having the SUID bit set is not exactly the same as running as root. Xastir
has code that enables and disables its root access only when it needs it for
something specific (accessing AX.25 ports, setting system time, etc.). It
is still using your own permission levels for things like filesystem access,
so you can't accidentally clobber files you don't own.

You can see evidence of this in src/gps.c, where you'll find this:

    #ifdef HAVE_SETTIMEOFDAY
        ENABLE_SETUID_PRIVILEGE;
        settimeofday(&tv, &tz);
        DISABLE_SETUID_PRIVILEGE;
    #endif // HAVE_SETTIMEOFDAY

And the ENABLE/DISABLE_SETUID_PRIVILEGE macros are defined in src/main.h as:

    #define DISABLE_SETUID_PRIVILEGE do { \
        seteuid(getuid()); \
        setegid(getgid()); \
        if (debug_level & 4) { fprintf(stderr, "Changing euid to %d and egid to %d\n", (int)getuid(), (int)getgid()); } \
    } while(0)
    #define ENABLE_SETUID_PRIVILEGE do { \
        seteuid(euid); \
        setegid(egid); \
        if (debug_level & 4) { fprintf(stderr, "Changing euid to %d and egid to %d\n", (int)euid, (int)egid); } \
    } while(0)

That is, right before Xastir attempts to set the time of day from the GPS,
it asserts its SUID privilege (if it has such privilege) by setting the
effective UID from the file ownership, and then drops it by resetting to
the UID of the *process* owner (you).

It isn't exactly bulletproof protection against the sort of abuse that
running as root would be, but so long as you trust that there isn't malicious
code in Xastir that would abuse SUID, then it's "safer." Most Xastir
users who use it with AX.25 networking (which allows KISS TNC sharing with
other programs, among other things) have been using Xastir with SUID set for
a very long time.

And yes, you need to have that set if you want Xastir to be able to set
the system time from your GPS.

[As I type this, I see that Curt has just responded, so I'm stopping here]
--
Tom Russo KM5VY SAR502 DM64ux http://www.swcp.com/~russo/
Tijeras, NM QRPL#1592 K2#398 SOC#236 http://kevan.org/brain.cgi?DDTNM
echo "prpv_a'rfg_cnf_har_cvcr" | sed -e 's/_/ /g' | tr [a-m][n-z] [n-z][a-m]
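
Added example (not part of the original message and not Xastir source): the same raise/drop bracket as the macros quoted above, with every seteuid()/setegid() return value checked and the drop verified afterwards. The names priv_init, priv_call, record_euid, saved_euid and saved_egid are hypothetical.

```c
/* Added example, not Xastir source. All names here are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective IDs at startup; for a SUID binary these are the file owner's. */
static uid_t saved_euid;
static gid_t saved_egid;

/* Call once at startup: remember the privileged IDs, then run as the real user. */
int priv_init(void) {
    saved_euid = geteuid();
    saved_egid = getegid();
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0) return -1;
    return 0;
}

/* Run op(arg) with the saved effective IDs, then drop back.
 * Returns op's result, or -1 if privilege could not be raised.
 * A failed drop is fatal: continuing would leave the process privileged. */
int priv_call(int (*op)(void *), void *arg) {
    if (seteuid(saved_euid) != 0) return -1;
    if (setegid(saved_egid) != 0) {
        if (seteuid(getuid()) != 0) _exit(1);
        return -1;
    }
    int rc = op(arg);
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0 ||
        geteuid() != getuid() || getegid() != getgid()) {
        fprintf(stderr, "failed to drop privilege\n");
        _exit(1);
    }
    return rc;
}

/* Sample operation: records the effective UID it runs under. */
static int record_euid(void *out) {
    *(uid_t *)out = geteuid();
    return 0;
}

int main(void) {
    uid_t during = 0;
    if (priv_init() != 0) return 1;
    int rc = priv_call(record_euid, &during);
    printf("rc=%d euid during=%d after=%d\n", rc, (int)during, (int)geteuid());
    return rc != 0;
}
```

Because seteuid() leaves the saved set-user-ID in place, the drop is temporary: any code in the process can raise the effective UID again, which is why the bracket limits accidents rather than malicious code.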