Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 25 Jan 2017 01:20:49 +0500
From: "Alexander E. Patrakov" <patrakov@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Headsup: systemd v228 local root exploit (CVE-2016-10156)

2017-01-24 13:55 GMT+05:00 Sebastian Krahmer <krahmer@...e.com>:
> Hi
>
> This is a heads up for a trivial systemd local root exploit, that
> was silently fixed in the upstream git as:
>
> commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e
> Author: ....
> Date:   Fri Jan 29 23:36:08 2016 +0200
>
>     basic: fix touch() creating files with 07777 mode

That's important for users of Arch Linux and other rolling distributions.

If the system has booted the vulnerable version of systemd at least
once, then the files with dangerous permissions will be there. There
is no code in systemd that fixes permissions on already existing stamp
files. There is no postinstall script in Arch that does it, either.
So, you have to fix permissions to 0644 or remove the stamp files
manually, once, even though the commit appeared in Arch repositories
long time ago.

-- 
Alexander E. Patrakov

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.