Date: Tue, 18 Aug 2015 14:44:51 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: Re: CVE Request for glusterfs: fuse check return value of setuid * Siddharth Sharma: > Problem description from the bug: > > https://bugzilla.redhat.com/show_bug.cgi?id=1254488 > > setuid() sets the effective user ID of the calling process. > If the effective UID of the caller is root, the real UID and > saved set-user-ID are also set. On success, zero is returned. > On error, -1 is returned, and errno is set appropriately. > > Note: there are cases where setuid() can fail even when the > caller is UID 0; it is a grave security error to omit checking > for a failure return from setuid(). if an environment limits > the number of processes a user can have, setuid() might fail if > the target uid already is at the limit. > > Can we have CVE assigned to this ? > > Upstream Ref: > > http://review.gluster.org/#/c/10780/ > https://github.com/gluster/glusterfs/commit/b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6 Original code: <http://sourceforge.net/p/fuse/fuse/ci/master/tree/lib/mount_util.c#l103> Pluse two more locations in that file. A single CVE ID for all these issues should probably suffice.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ