Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 4 Sep 2015 19:08:18 -0700
From: Seth Arnold <>
Subject: Re: Re: CVE Request for glusterfs:  fuse check return
 value of setuid

On Fri, Sep 04, 2015 at 08:42:10PM -0400, wrote:
> >
> >
> >

>   - the only goal in calling setuid is to execute /bin/mount (or
>     /bin/umount) from a process with both an effective UID of 0 and a
>     real UID of 0. This is a requirement of the util-linux mount
>     program. See the "if we're really root and aren't running setuid"
>     comment in mount.c. Otherwise, for the types of mount usage in
>     question, mount would print "mount: only root can do that" and
>     exit.

This is an excellent analysis but does it hinge upon the util-linux "aren't
running suid" behaviour in mount? Does it matter that the busybox mount,
for example, doesn't appear to have this same requirement? I don't see
any corresponding code in:

I'm certainly no busybox expert but nothing looks like a corresponding
uid == 0 && euid == 0 check. The call to sanitize_env_if_suid() even
suggests setuid execution is expected and anticipated.


Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ