Date: Fri, 4 Sep 2015 19:08:18 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: cve-assign@...re.org
Cc: siddharth@...hat.com, fw@...eb.enyo.de, oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request for glusterfs: fuse check return value of setuid

On Fri, Sep 04, 2015 at 08:42:10PM -0400, cve-assign@...re.org wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1254488
> > http://review.gluster.org/#/c/10780/
> > https://github.com/gluster/glusterfs/commit/b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6
>
> - the only goal in calling setuid is to execute /bin/mount (or
>   /bin/umount) from a process with both an effective UID of 0 and a
>   real UID of 0. This is a requirement of the util-linux mount
>   program. See the "if we're really root and aren't running setuid"
>   comment in mount.c. Otherwise, for the types of mount usage in
>   question, mount would print "mount: only root can do that" and
>   exit.

This is an excellent analysis but does it hinge upon the util-linux
"aren't running suid" behaviour in mount? Does it matter that the busybox
mount, for example, doesn't appear to have this same requirement? I don't
see any corresponding code in:
http://sources.debian.net/src/busybox/1:1.22.0-15/util-linux/mount.c/

I'm certainly no busybox expert but nothing looks like a corresponding
uid == 0 && euid == 0 check. The call to sanitize_env_if_suid() even
suggests setuid execution is expected and anticipated.

Thanks
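
Added example, not part of the original message and not code from glusterfs, util-linux or busybox: a C sketch of the pattern discussed in the thread, checking the return value of setuid() and then confirming that the real UID and the effective UID are both 0 before a mount helper would be run. The names really_root, become_real_root, id_ops, simulate and the sim_* stubs are hypothetical, and the simulated process (real UID 1000, effective UID 0) is constructed.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Condition quoted in the thread: real UID 0 and effective UID 0. */
static int really_root(uid_t ruid, uid_t euid)
{
    return ruid == 0 && euid == 0;
}

/* Hypothetical table of ID calls, injectable so that the failure path
 * can be exercised without privileges. */
struct id_ops {
    int   (*setuid_fn)(uid_t);
    uid_t (*getuid_fn)(void);
    uid_t (*geteuid_fn)(void);
};

enum { ROOT_OK = 0, ROOT_SETUID_FAILED = -1, ROOT_NOT_REAL = -2 };

/* Hypothetical helper: make the real UID 0 before exec'ing a mount helper. */
static int become_real_root(const struct id_ops *ops)
{
    if (ops->setuid_fn(0) != 0)
        return ROOT_SETUID_FAILED;  /* an unchecked failure keeps the old real UID */
    if (!really_root(ops->getuid_fn(), ops->geteuid_fn()))
        return ROOT_NOT_REAL;       /* confirm the IDs the helper will actually see */
    return ROOT_OK;
}

/* Constructed stubs: a setuid-root process started by UID 1000. */
static uid_t sim_ruid = 1000, sim_euid = 0;
static int   sim_fail = 0;
static int   sim_setuid(uid_t u) { if (sim_fail) return -1; sim_ruid = sim_euid = u; return 0; }
static uid_t sim_getuid(void)  { return sim_ruid; }
static uid_t sim_geteuid(void) { return sim_euid; }
static const struct id_ops sim_ops = { sim_setuid, sim_getuid, sim_geteuid };

/* Runs the helper on the simulated process; fail != 0 makes setuid() fail. */
static int simulate(int fail)
{
    sim_ruid = 1000; sim_euid = 0; sim_fail = fail;
    return become_real_root(&sim_ops);
}

int main(void)
{
    printf("setuid succeeds: %d\n", simulate(0));
    printf("setuid fails:    %d\n", simulate(1));
    return 0;
}
```

Passing { setuid, getuid, geteuid } as the id_ops table applies the same check to the calling process itself.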