Date: Tue, 15 Dec 2015 16:18:12 -0500 (EST) From: cve-assign@...re.org To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ > PAM library should not operate on shadow writable by anyone else than root user. In case there was interest in this report of a possibly unexpected PAM behavior: the MITRE CVE team has no current plans to assign a CVE ID. This seems to be essentially a design issue where multiple valid opinions may exist. In other words, if /etc/shadow is in an incorrect state, possibly the ideal outcome would be to halt the system until it can be recovered using console access, possibly the ideal outcome is to let the system continue running with otherwise normal software behaviors in case an authorized user is relying on those behaviors to fix the problem, or possibly it's something in between. Another example would be a case where /etc/shadow is not critically misconfigured (e.g., owned by the man account) but only slightly misconfigured (e.g., the root group has read access). Some people may prefer a design in which password-based authentication always fails until the permissions are fixed; however, that's not necessarily the prevailing opinion. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWcIMhAAoJEL54rhJi8gl5oJsQAIZWMm3K94q59jP/HzruZbfn WCo8GXY1lRnjWfcfSncS+SgSwI/gNDIQAq2Z+EzPrTd27zmXEQdL77affnWMWojX HslCHsAo5jAtk9ytNnalCKQ6Y6dNuoWa61O43F6IOZlksyRMrdapA9B3XXXr4MkA YHuEbSFK4tbgmUP/wM0RGZLV4a7LKWoDMKuLBTd56pWBQ7429QV2tVGPgx+xFg03 zaEiXE8w8s1qGXWQVICJaPhu5mCejDejzF34h0DhcxVJlzFpEaQIO1KZgtYUifDB cbPjSfZvdZGSZl3fJC+QBf20g4hyyocqUwzJI0qXpT0L6rhBzZoeRbuO8W/levZG oaZuVism8k3wvVC/NzmoG1nrPuNp4hp6hQIzdyPo+WwSyCFYSeZe0DPYh51kURZN qAA+R6LjQKPUwiOLpgRy1h19Qc08tfUvrZeTmT8ZB9s9LTpKZRy5N9/jJDne5lLZ KuNIu1Lz6LhdELIQdNEMJ/PbjQTUu1Y6us4geDJYaCmPyiqxl/bjXmj4jez2jScK 1FVWg9Pixdf811xY2FOouBOIeXHBWQlykEZcTFsy12ykolcHi81pXZTeatsoQZ8H yVGxe1+reNFULx1Yf3IOd1UWqsPoTE+jwEDO3s5REox7pigK4SGbxntREevkTLnu 8QvfJp8ra+vE0NgtoUZs =Z+Rm -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.