Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Feb 2017 11:01:48 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: util-linux 2.29.2 fixes CVE-2017-2616

On Thu, Feb 23, 2017 at 10:40:54AM +0100, Hanno Böck wrote:
> Hi,
> 
> On Thu, 23 Feb 2017 08:46:30 +0100
> Marcus Meissner <meissner@...e.de> wrote:
> 
> > util-linux 2.29.2 fixes CVE-2017-2616, a race condition which allowed
> > local users to kill other processes.
> 
> I just reported this in Gentoo [1], yet I was informed that we're not
> using su from util-linux, but from shadow. So depending on the
> distribution you may not use this implementation of su.
> 
> I haven't digged deeper into this, can you say if this issue is
> generic enough to be expected in other implementations as well? (Not
> sure if the implementations of su in shadow and util-linux share a
> common codebase, seems to be quite old stuff.)
> 
> [1] https://bugs.gentoo.org/show_bug.cgi?id=610664

coreutils uses the same su.c codebase, so it is also affected.


Looking at shadow su.c code, it calls waitpid ... and does not handle
the pid_child exiting case after calling waitpid.

So I would think it is affected without digging deeper.

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ