Date: Fri, 4 Sep 2015 19:08:18 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: cve-assign@...re.org
Cc: siddharth@...hat.com, fw@...eb.enyo.de, oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request for glusterfs: fuse check return value of setuid

On Fri, Sep 04, 2015 at 08:42:10PM -0400, cve-assign@...re.org wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1254488
> > http://review.gluster.org/#/c/10780/
> > https://github.com/gluster/glusterfs/commit/b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6

>   - the only goal in calling setuid is to execute /bin/mount (or
>     /bin/umount) from a process with both an effective UID of 0 and a
>     real UID of 0. This is a requirement of the util-linux mount
>     program. See the "if we're really root and aren't running setuid"
>     comment in mount.c. Otherwise, for the types of mount usage in
>     question, mount would print "mount: only root can do that" and
>     exit.

This is an excellent analysis but does it hinge upon the util-linux "aren't
running suid" behaviour in mount? Does it matter that the busybox mount,
for example, doesn't appear to have this same requirement? I don't see
any corresponding code in:

http://sources.debian.net/src/busybox/1:1.22.0-15/util-linux/mount.c/

I'm certainly no busybox expert but nothing looks like a corresponding
uid == 0 && euid == 0 check. The call to sanitize_env_if_suid() even
suggests setuid execution is expected and anticipated.

Thanks
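
An added example, not part of the original message and not glusterfs, util-linux or busybox code: a C sketch of a caller that checks the return value of setuid() and confirms that real and effective UID are both 0 before executing mount, so it does not rely on the installed mount implementation to refuse. The function names and the run_mount wrapper are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The condition the quoted analysis describes for util-linux mount:
 * real UID 0 and effective UID 0. Kept pure so it can be tested. */
int really_root(uid_t ruid, uid_t euid)
{
    return ruid == 0 && euid == 0;
}

/* Make real and effective UID both 0, as a set-uid-root helper would
 * before running mount. Returns 0 on success, -1 on failure.
 * The setuid() return value is checked and the IDs are re-read, so a
 * failed call cannot fall through to the exec below. */
int become_really_root(void)
{
    if (setuid(0) != 0) {
        fprintf(stderr, "setuid(0) failed: %s\n", strerror(errno));
        return -1;
    }
    if (!really_root(getuid(), geteuid())) {
        fprintf(stderr, "unexpected ids: uid=%d euid=%d\n",
                (int)getuid(), (int)geteuid());
        return -1;
    }
    return 0;
}

/* Hypothetical wrapper: exec mount only after both checks pass. */
int run_mount(const char *mount_path, char *const argv[])
{
    if (become_really_root() != 0)
        return -1;              /* refuse to exec with mixed credentials */
    execv(mount_path, argv);
    return -1;                  /* execv returns only on error */
}

int main(void)
{
    printf("uid=%d euid=%d really_root=%d\n", (int)getuid(),
           (int)geteuid(), really_root(getuid(), geteuid()));
    return become_really_root() == 0 ? 0 : 1;
}
```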
