Bug 238530 - [PATCH] net-mgmt/netdata: Set plugin setuid bit
Summary: [PATCH] net-mgmt/netdata: Set plugin setuid bit
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Mahdi Mokhtari
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-06-12 20:12 UTC by Christian Baltini
Modified: 2019-07-04 20:32 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (mmokhi)


Attachments
updated pkg-plist with plugin setuid (1.23 KB, text/plain)
2019-06-12 20:12 UTC, Christian Baltini
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Baltini 2019-06-12 20:12:43 UTC
Created attachment 205018 [details]
updated pkg-plist with plugin setuid

The Netdata install script runs chmod 4750 on plugins that require root privileges.

I have updated pkg-plist to apply the same permissions.

I have tested FreeIPMI functionality working out-of-the box with the updated pkg-plist.
Comment 1 Christian Baltini 2019-06-12 20:14:33 UTC
For reference, see Netdata installation script:
https://github.com/netdata/netdata/blob/master/netdata-installer.sh#L724
Comment 2 Christian Baltini 2019-07-04 20:32:12 UTC
I noticed that my patch actually doesn't work because the plugins are not owned by netdata.  Therefore the 4750 permissions don't allow the daemon to access the plugins.
Changing to 4755, but it gives arbitrary users the ability to run the plugins as root, which strikes me as a security risk.

I am wondering if the correct way to handle this is to change the ownership to root:netdata and stick with the 4750 permissions.