Date: Mon, 14 Mar 2011 08:32:24 -0400 From: Dan Rosenberg <dan.j.rosenberg@...il.com> To: oss-security@...ts.openwall.com Cc: Ludwig Nussel <ludwig.nussel@...e.de>, Petr Baudis <pasky@...e.cz> Subject: Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Sigh. Unfortunately I think this is the truth - I just wish there were an easier way of addressing this besides patching every affected helper individually. Unless anyone else has any ideas, I'll write up some patches for affected programs later today. -Dan On Mon, Mar 14, 2011 at 8:14 AM, Ludwig Nussel <ludwig.nussel@...e.de> wrote: > Dan Rosenberg wrote: >> There are a few possible options We could patch glibc to try to >> raise the rlimit in addmntent(). [...] > > Citing our glibc maintainer Petr Baudis via Bugzilla: > > | I have been thinking about it and I'm not at all sure the proposed solution > | makes sense. First, this may also concern the obscure interfaces like > | putspent() (not sure if anyone uses these, moreover in security relevant > | contexts). Second, messing with RLIMIT_FSIZE within library routine is just > | evil. The caller may be multi-threaded or just do something else between > | setpwent() and endpwent() too and RLIMIT_FSIZE is just evil. All setuid > | programs must sanitize things like this, on their own terms. > > cu > Ludwig > > -- > (o_ Ludwig Nussel > //\ > V_/_ http://www.suse.de/ > SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.