Secure testing team - Aug 2011 - Bug#636768: rrdcached: Should be chrooted and run as another user by default

Package: rrdcached
Version: 1.4.3-3.1+b2
Severity: normal
Tags: security

Hi,

I spoted few important issues which should be solved in rrdcached,
before somebody get hurt.

I think it would be very good to make rrdcached chrootable,
and indeed chroot it by default.

There is no operation which needs root permision there,
and also considering rrdcached could be setuped to listen
on TCP socket, I think it should be secured (I know
it already should be secured in firewall, but if rrdcached
is gethering rrd updates from lots of different servers,
there is always probability one of them will be compromised
and used to perform attack.)

Also there is no particular reason rrdcached should be running as root,
as it is now. There should be separete user/group for it,
and all file operations (maybe exluding initial socket creation)
should be done as it.

It also will simplify rrd reading. Currently one needs to be read
rrd files, for example to create graphs or analyze them in other way.
Starting rrdcache as other user, groups, and allowing specifing
permisions and owner/group of new files will make it much easier,


Also manpage says

"
  The daemon will blindly write to any file it gets told, so you really should
create a
       separate user just for this daemon. Also it does not do any sanity
checks, so if it
       gets told to write values for a time far in the future, your files will
be messed up
       good!
"


So, please follow this nice recomendation.

Thanks you.



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable''), (1,
''experimental'')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-t43-prod-03124-g81d6743-dirty
Locale: LANG=pl_PL.utf8, LC_CTYPE=pl_PL.utf8 (charmap=UTF-8) (ignored: LC_ALL
set to pl_PL.utf8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rrdcached depends on:
ii  libc6                       2.13-13      Embedded GNU C Library: Shared lib
ii  libcairo2                   1.10.2-6.1   The Cairo 2D vector graphics libra
ii  libdbi1                     0.8.4-5.1    DB Independent Abstraction Layer f
ii  libglib2.0-0                2.28.6-1     The GLib library of C routines
ii  libpango1.0-0               1.28.4-1     Layout and rendering of internatio
ii  libpng12-0                  1.2.46-3     PNG library - runtime
ii  librrd4                     1.4.3-3.1+b2 time-series data storage and displ
ii  libxml2                     2.7.8.dfsg-4 GNOME XML library

rrdcached recommends no packages.

rrdcached suggests no packages.

-- Configuration Files:
/etc/default/rrdcached changed [not included]

-- no debconf information