Re: Bug with dropping privileges when calling helpers: Is it critical?
On Fri, Jan 04, 2008 at 05:53:58PM +0100, Manuel Reimer wrote:
>
> It would be pretty helpful, if someone could give me some comments
> about this one:
>
> <http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e>
>
> I don't request an exploit, but it would be nice to know if this is
> a critical one, which has to be patched. As there seems to be no new

That's CVE-2007-5191. It wasn't evaluated as a critical security bug.
I think it already has been fixed in all major distributions.

> version of util-linux, maybe there is no need to patch immediately,

There is a 2.13.0.1 release, see the announcement:
http://marc.info/?l=util-linux-ng&m=119304720010975&w=2

> but maybe I'm wrong. Could someone please answer the following with
> Yes or No:
>
> - Is it really possible to confuse the code, just because of the
> wrong order of setgid and setuid?

I think more important is that the original code doesn't check
the return value of set{u,g}id().

> - If someone manages to keep root privileges at this point, then he
> would be able to call the helper with root privileges and so, for
> example, overmount /sbin with any NFS server he wants, right?

It's not so simple, you need a relevant entry in /etc/fstab, because
mount(8) always checks your privileges before an exec(/sbin/mount.<type>).

Karel
--
Karel Zak <kzak@xxxxxxxxxx>
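
The two points raised in the thread (call order and unchecked return values), as an added example that is not part of the original message and is not util-linux code. All names (`drop_privileges`, `id_ops`, the `sim_*` functions) are hypothetical, and the `sim_*` functions are a constructed, simplified stand-in for the kernel's credential checks.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
/* The id calls are injected so failure paths can be tested without root. */
struct id_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
};

enum { DROP_OK = 0, DROP_SETGID_FAILED = -1, DROP_SETUID_FAILED = -2 };

/* Drop to uid/gid before exec'ing a helper. The group goes first: once
 * setuid() has given up root, setgid() to another group is refused.
 * Both return values are checked; only exec the helper on DROP_OK. */
int drop_privileges(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_gid(gid) != 0)
        return DROP_SETGID_FAILED;
    if (ops->set_uid(uid) != 0)
        return DROP_SETUID_FAILED;
    return DROP_OK;
}

/* Constructed, simplified credential model (assumption of this example):
 * only euid 0 may switch to a different uid or gid. */
static uid_t sim_euid; static gid_t sim_egid;
void sim_reset(void) { sim_euid = 0; sim_egid = 0; }
int sim_setgid(gid_t g) { if (sim_euid != 0 && g != sim_egid) return -1; sim_egid = g; return 0; }
int sim_setuid(uid_t u) { if (sim_euid != 0 && u != sim_euid) return -1; sim_euid = u; return 0; }
int sim_setuid_fails(uid_t u) { (void)u; return -1; }

/* The unchecked, uid-first pattern: returns the group a helper would run with. */
gid_t unchecked_wrong_order(uid_t uid, gid_t gid)
{
    sim_reset();
    (void)sim_setuid(uid);   /* root is given up here ... */
    (void)sim_setgid(gid);   /* ... so this is refused, and nothing notices */
    return sim_egid;
}

int main(void)
{
    /* Real syscalls; dropping to our own ids works with or without root. */
    const struct id_ops real = { setgid, setuid };
    int rc = drop_privileges(&real, getuid(), getgid());
    printf("real drop: %d, wrong order leaves egid %d\n", rc, (int)unchecked_wrong_order(1000, 1000));
    return rc == DROP_OK ? 0 : 1;
}
```
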