Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 17 Apr 2015 09:41:46 +0200
From: Florian Weimer <fweimer@...hat.com>
To: Kees Cook <keescook@...omium.org>
CC: oss-security@...ts.openwall.com
Subject: Re: kernel: fs.suid_dumpable=2 privilege escalation

On 04/16/2015 08:41 PM, Kees Cook wrote:
> On Thu, Apr 16, 2015 at 5:42 AM, Florian Weimer <fweimer@...hat.com> wrote:
>> Should this be treated as a security vulnerability?
>>
>> “fs: make dumpable=2 require fully qualified path”
>> <http://lwn.net/Articles/503682/>
>>
>> Some widely-used cronie versions still do not have hardening and parse
>> commands in core dumps.
> 
> I didn't seek a CVE for this at the time since it requires a pretty
> specific combination of configurations. Namely: setting dumpable=2
> without a dump handler, which I couldn't find any distro doing. I have
> no objection, of course.

Ah, right.  I noticed this while looking at the file-based coredump
emulation in abrt-hook-ccpp.  It's not the default, either, so we have
not yet assigned a CVE, and we probably won't call it a vulnerability.

-- 
Florian Weimer / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ