Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Mar 2011 12:21:26 +0300
From: Vasiliy Kulikov <segoon@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: a collection of
 world-writable debugfs bugs

On Sun, Mar 20, 2011 at 15:45 -0400, Dan Rosenberg wrote:
> I don't mean to create unnecessary work, but have you actually
> confirmed that exposing each of these files as world-writable actually
> allows a user to cross privilege boundaries?

First 19 bugs allow anybody to interact with hardware on low level -
write to hw registers, load firmware, etc.

I'm not sure about ubifs debugfs files - they allow anybody to dump some
fs related information via printk(KERN_DEBUG, ...);  maybe it is just a
bit more precise statistics than statvfs(2) without any disclosure, but
I cannot understand it without understanding UBIFS internals.  Also this
may be not a bug in default distro setups as KERN_DEBUG messages are not
usually logged into world-readable log files.

Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.