Date: Tue, 27 Oct 2020 13:23:01 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2020-25654 pacemaker: ACL restrictions bypass

Hi All,

Pacemaker is a high-availability cluster manager comprising multiple daemon processes that interact with each other and with user requests via IPC. Users must either be root or in the haclient group to access Pacemaker daemon IPC.

One of these daemons, pacemaker-based, manages the Pacemaker configuration, known as the Cluster Information Base (CIB). Pacemaker may be built with support for Access Control Lists (ACLs), in which case pacemaker-based applies configured ACLs when processing user requests to read or write any part of the configuration.

When ACLs are not in use, any user in the haclient group has full access to the configuration, which effectively gives them the ability to run any code as root. (This is intentional, as the point of a cluster manager is to run arbitrary services.)

When ACLs are in use, users still must be in the haclient group, but their read and write access to various parts of the configuration is limited by configured ACLs.

The vulnerability is that users may use IPC communication with the various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. This is not difficult; Pacemaker provides command-line tools to send many types of IPC requests.

More details along with patches are available at:
https://bugzilla.redhat.com/show_bug.cgi?id=1888191

--
Huzaifa Sidhpurwala / Red Hat Product Security
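
An inventory check for the exposure described above, as an added example that is not part of the original post or of Pacemaker's code: it lists the haclient members whose access is limited only by ACLs, since those are the accounts that can still reach daemon IPC directly. Assumptions: the `enable-acl` property and the `acl_target`/`role` element names are taken from Pacemaker's CIB schema and should be checked against the installed version, the root and hacluster accounts are treated as exempt from ACLs, and the CIB fragment and group file below are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from the advisory): a CIB fragment and an
# /etc/group excerpt. Names such as "alice" and "read-only" are hypothetical.
SAMPLE_CIB = """
<cib>
  <configuration>
    <crm_config>
      <cluster_property_set id="cib-bootstrap-options">
        <nvpair id="opt-acl" name="enable-acl" value="true"/>
      </cluster_property_set>
    </crm_config>
    <acls>
      <acl_role id="read-only">
        <acl_permission id="ro-all" kind="read" xpath="/cib"/>
      </acl_role>
      <acl_target id="alice"><role id="read-only"/></acl_target>
    </acls>
  </configuration>
</cib>
"""
SAMPLE_GROUP = "root:x:0:\nhaclient:x:189:alice,bob,hacluster\nwheel:x:10:carol\n"

FULL_ACCESS = {"root", "hacluster"}  # assumption: never restricted by ACLs

def haclient_members(group_text, group="haclient"):
    """Supplementary members from /etc/group text (primary GIDs not covered)."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == group:
            return [user for user in fields[3].split(",") if user]
    return []

def acls_enabled(root):
    """True if the cluster option enable-acl is set to a true value."""
    for nv in root.findall(".//crm_config//nvpair"):
        if nv.get("name") == "enable-acl":
            return nv.get("value", "").lower() in ("true", "yes", "on", "1")
    return False

def acl_dependent_users(cib_xml, group_text):
    """Map each haclient member whose access rests on ACLs to its ACL roles."""
    root = ET.fromstring(cib_xml)
    if not acls_enabled(root):
        return {}  # ACLs off: every haclient member has full access by design
    roles = {t.get("id"): [r.get("id") for r in t.findall("role")]
             for t in root.iter("acl_target")}
    # An empty role list means the CIB grants the user nothing, yet IPC is reachable.
    return {user: roles.get(user, []) for user in haclient_members(group_text)
            if user not in FULL_ACCESS}
```

Every account this returns should be reviewed for whether it still needs haclient membership until the patched packages are installed.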