* Do people exaggerate in security advisories?
@ 2008-01-04 12:21 Manuel Reimer
2008-01-04 16:50 ` Manuel Reimer
2008-01-04 20:28 ` Valdis.Kletnieks
0 siblings, 2 replies; 3+ messages in thread
From: Manuel Reimer @ 2008-01-04 12:21 UTC (permalink / raw)
To: linux-kernel
Hi,
I found this one today:
http://securitytracker.com/alerts/2007/Oct/1018782.html
In the git changelog:
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b608390595783
7a271e80b187e
noone leaves any word about privilege escalation.
Is it really possible to get root privileges with this bug or are there
people who just write "may be used to escalate privileges" near any bug
which has something to do with "setuid" or "setgid"?
Thanks in advance
CU
Manuel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Do people exaggerate in security advisories?
2008-01-04 12:21 Do people exaggerate in security advisories? Manuel Reimer
@ 2008-01-04 16:50 ` Manuel Reimer
2008-01-04 20:28 ` Valdis.Kletnieks
1 sibling, 0 replies; 3+ messages in thread
From: Manuel Reimer @ 2008-01-04 16:50 UTC (permalink / raw)
To: linux-kernel
Hello,
Shame on me, but I didn't look carefully at the patch. The patch, of
course, tries to get rid of root privileges and doesn't try to get them.
As I also posted to the wrong list, by accident, lets assume this topic
as closed.
Yours
Manuel Reimer
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Do people exaggerate in security advisories?
2008-01-04 12:21 Do people exaggerate in security advisories? Manuel Reimer
2008-01-04 16:50 ` Manuel Reimer
@ 2008-01-04 20:28 ` Valdis.Kletnieks
1 sibling, 0 replies; 3+ messages in thread
From: Valdis.Kletnieks @ 2008-01-04 20:28 UTC (permalink / raw)
To: Manuel Reimer; +Cc: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 981 bytes --]
On Fri, 04 Jan 2008 13:21:32 +0100, Manuel Reimer said:
> Is it really possible to get root privileges with this bug or are there
> people who just write "may be used to escalate privileges" near any bug
> which has something to do with "setuid" or "setgid"?
It looks like it really *is* possible to do some damage, if you can make
several things happen:
1) Cause set[ug]id() to fail, possibly using a crafted 'capabilities' list.
2) Get it to invoke a helper that's now running with different permissions than
it was designed to, and feed said helper some carefully crafted malicious or
bogus data.
Given that it is semantically almost identical to the Sendmail-capabilities
bug from a few years ago, which was *certainly* abusable to get root, it would
be foolish to think anything *except* "this sucker should be assumed to be
a root exploit until *proven* otherwise". Anybody who thinks "I don't see
how to exploit it, so it can't be done" is in for a rude surprise....
[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-01-04 20:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-01-04 12:21 Do people exaggerate in security advisories? Manuel Reimer
2008-01-04 16:50 ` Manuel Reimer
2008-01-04 20:28 ` Valdis.Kletnieks
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox