| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2024 09:28:59 +0200 (EET) From: Harry Sintonen via Fulldisclosure <fulldisclosure@...lists.org> To: Georgi Guninski <gguninski@...il.com> Cc: Harry Sintonen <harry@...tonen.fi>, fulldisclosure@...lists.org Subject: Re: [FD] cpio privilege escalation vulnerability via setuid files in cpio archive On Tue, 9 Jan 2024, Georgi Guninski wrote: > On Tue, Jan 9, 2024 at 12:45 AM Harry Sintonen <harry@...tonen.fi> wrote: >> >> On Mon, 8 Jan 2024, Georgi Guninski wrote: >> >>> When extracting archives cpio (at least version 2.13) preserves >>> the setuid flag, which might lead to privilege escalation. >> >> So does for example tar. The same rules that apply to tar also apply to >> cpio: >> > > > Which version of tar is vulnerable to this attack? Tar does set setuid bit, but tar is not vulnerable. This is not an attack. The user is responsible for extracting the archives to secure location and not letting other users access to insecure setuid binaries. See: https://www.gnu.org/software/tar/manual/html_section/Security.html#Security-rules-of-thumb These same security considerations also apply to cpio. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists