Date: Thu, 24 Jan 2013 22:10:52 -0500
From: Steve Grubb <sgrubb@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>
Subject: Re: [Security hardening] [Notification] haproxy (previously) failed to drop supplementary groups after setuid / setgid calls properly

On Thursday, January 24, 2013 05:53:38 PM Kurt Seifried wrote:
> So again, if you know of a way to exploit this please let us know,
> otherwise we will continue to consider this a security hardening issue
> and not a security vulnerability.

The way these supplemental group issues work is that depending on the groups file, the daemon may try to change to user/group "nobody", but retains group root. This means that any file with group root write privs could be replaced/altered.

My experience is that distros have enough files that permissions are wrong on something, somewhere. It's just a matter of finding it.

find / -type f -perm -00020 -printf "%-60p %g\t%M\n" 2>/dev/null

So, it boils down to the problem isn't a vulnerability by itself. However, should a _real_ vulnerability be found in the program, the CVSS score would be higher because the program has CWE-250.

-Steve
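
The privilege drop discussed in this message, as an added example that is not part of the original post and is not haproxy's code: a drop routine that clears the supplementary group list before setgid()/setuid() and then verifies the result. The function names and the gid 65534 used for "nobody" in the constructed sample are assumptions.

```c
#define _DEFAULT_SOURCE 1          /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Number of entries in groups[] other than the one we mean to keep. */
int count_extra_groups(const gid_t *groups, int n, gid_t keep)
{
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != keep)
            extra++;
    return extra;
}

/* Drop from root to uid/gid. Returns 0 only if the drop is verified. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Order matters: once setuid() succeeds the process can no longer
     * change its groups, so the supplementary list goes first. */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify instead of trusting the calls. */
    if (uid != 0 && setuid(0) == 0) return -1;      /* root is regainable */
    if (geteuid() != uid || getegid() != gid) return -1;

    int n = getgroups(0, NULL);
    if (n < 0) return -1;
    gid_t *cur = calloc((size_t)n + 1, sizeof *cur);
    if (cur == NULL) return -1;
    n = getgroups(n, cur);
    int bad = n < 0 || count_extra_groups(cur, n, gid) != 0;
    free(cur);
    return bad ? -1 : 0;
}

int main(void)
{
    /* Constructed sample: a daemon started by root that switched to
     * nobody (gid 65534 here) without calling setgroups(). */
    gid_t leaked[] = { 0, 65534 };
    printf("groups retained besides 65534: %d\n",
           count_extra_groups(leaked, 2, 65534));
    return 0;
}
```

drop_privileges() must be called while the process is still root; a daemon should treat a -1 return as fatal and exit rather than continue serving.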