Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Feb 2014 11:50:29 -0500 (EST)
From: cve-assign@...re.org
To: helmut@...divi.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738855
> Message #34

This message starts by discussing initscripts, but ends by discussing
a CVE assignment for systemd. That CVE assignment would potentially be
reasonable, but we wanted to first clarify what is being asked. We
think you mean:

  - adding a patch to initscripts to introduce more compatibility
    between initscripts and systemd may be considered a security
    enhancement, and probably would not be considered a vulnerability
    fix, so no CVE ID is being requested for a problem in the
    unpatched initscripts code

  - this systemd commit

       http://cgit.freedesktop.org/systemd/systemd/commit/src/core/killall.c?id=bd3fa1d2434aa28564251ac4da34d01537de8c4b

    introduced the killall.c file. In the first version of this file, the

       /* Non-root processes otherwise are always subject to be killed */
       if (uid != 0)
               return false;

       ...

       /* Processes with argv[0][0] = '@' we ignore from the killing
        * spree.
        *
        * http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons */
        if (count == 1 && c == '@')
                return true;
       
        return false;

    code was included.

  - you are proposing that the above "return true" line is a
    vulnerability because it may allow a not-fully-privileged root
    user to cause data loss. This could possibly have one CVE ID. One
    of the arguments against assigning a CVE ID is that this "return
    true" could have been an intentional tradeoff between perfect
    privilege checking and design complexity. For environments with
    not-fully-privileged root users, we're not sure whether there's
    general acceptable of a guideline that OS components must never
    contain any program logic to make any security-relevant decision
    on the basis of the uid value.

  - versions of systemd before
    bd3fa1d2434aa28564251ac4da34d01537de8c4b, in which killall.c did
    not exist, may have had other problems because the right processes
    were not killed at the right times. This could possibly have a
    second CVE ID if there were security implications.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS/kjTAAoJEKllVAevmvmsNHQH/AlPmrhJVIatj4vPKWj8bPSj
Te1Yc9/kU3Z/Ox7zu4tM7HpAK4ZlNk1NNl8trgICnc0dMcbcv/KjL5wj/g9AzLTk
GR1ItUF6JtiyTrEfP/WhaH1DEkKn3p5/XvBWdzd+0+cxFVoBnvYwMtXWv2vWsLPQ
QRSOeInvqYQtpaetXUA3TNATd9FjTBCX8xYwj1rPAee0cQ3CSeE4+HckG5hCtvct
aJ0/F6SuiSBzc3BvlmZC+8QPptYc6XrcSdkXDB11dkqeDJ4jXGRL+IBTYS2rfEWl
xg44LbowiUjoN/4gieZZsrHVgAdhGi404HiediU5qorDFSrc7Dcmk4/xHWLcYqU=
=BYck
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.