| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 May 2008 01:07:34 -0700 From: Chris Wright <chrisw@...s-sol.org> To: "Andrew G. Morgan" <morgan@...nel.org> Cc: Chris Wright <chrisw@...s-sol.org>, Dave Jones <davej@...emonkey.org.uk>, Linux Kernel <linux-kernel@...r.kernel.org>, bojan@...ursive.com, "Serge E. Hallyn" <serue@...ibm.com>, Andrew Morton <akpm@...ux-foundation.org>, Linux Security Modules List <linux-security-module@...r.kernel.org> Subject: Re: capget() overflows buffers. * Andrew G. Morgan (morgan@...nel.org) wrote: > Your concern is for the situation when the garbage happens to correspond > to an apparently meaningful setting for the upper capability bits? The > problem being that this privileged application is more privileged than > intended? I agree that this is not ideal. Yep, exactly. > In practice, however, this is only a real problem if named (or a > similarly structured program) has a security related bug in it. No? It's dropped privileges to help mitigate any security related bug it may contain. It's conceivable (albeit remote[1]) that fork/exec plus inheritable could leak privs w/out a security related bug. > Is this your concern, or have I missed something? That's it. thanks, -chris [1] Get lucky combo in the garbage bits and have not shed uid 0. Much less likely. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists