Date: Fri, 17 Apr 2015 09:41:46 +0200 From: Florian Weimer <fweimer@...hat.com> To: Kees Cook <keescook@...omium.org> CC: oss-security@...ts.openwall.com Subject: Re: kernel: fs.suid_dumpable=2 privilege escalation On 04/16/2015 08:41 PM, Kees Cook wrote: > On Thu, Apr 16, 2015 at 5:42 AM, Florian Weimer <fweimer@...hat.com> wrote: >> Should this be treated as a security vulnerability? >> >> “fs: make dumpable=2 require fully qualified path” >> <http://lwn.net/Articles/503682/> >> >> Some widely-used cronie versions still do not have hardening and parse >> commands in core dumps. > > I didn't seek a CVE for this at the time since it requires a pretty > specific combination of configurations. Namely: setting dumpable=2 > without a dump handler, which I couldn't find any distro doing. I have > no objection, of course. Ah, right. I noticed this while looking at the file-based coredump emulation in abrt-hook-ccpp. It's not the default, either, so we have not yet assigned a CVE, and we probably won't call it a vulnerability. -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ