Date: Thu, 23 Feb 2017 11:01:48 +0100 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Subject: Re: util-linux 2.29.2 fixes CVE-2017-2616 On Thu, Feb 23, 2017 at 10:40:54AM +0100, Hanno Böck wrote: > Hi, > > On Thu, 23 Feb 2017 08:46:30 +0100 > Marcus Meissner <meissner@...e.de> wrote: > > > util-linux 2.29.2 fixes CVE-2017-2616, a race condition which allowed > > local users to kill other processes. > > I just reported this in Gentoo , yet I was informed that we're not > using su from util-linux, but from shadow. So depending on the > distribution you may not use this implementation of su. > > I haven't digged deeper into this, can you say if this issue is > generic enough to be expected in other implementations as well? (Not > sure if the implementations of su in shadow and util-linux share a > common codebase, seems to be quite old stuff.) > >  https://bugs.gentoo.org/show_bug.cgi?id=610664 coreutils uses the same su.c codebase, so it is also affected. Looking at shadow su.c code, it calls waitpid ... and does not handle the pid_child exiting case after calling waitpid. So I would think it is affected without digging deeper. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ