oss-sec mailing list archives
Re: CVE request: kernel: missing capabilities in fs_mask
From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 24 Apr 2009 18:06:16 -0400 (EDT)
On Thu, 23 Apr 2009, Eugene Teo wrote:
"When POSIX capabilities were introduced during the 2.1 Linux cycle, the fs mask, which represents the capabilities which having fsuid==0 is supposed to grant, did not include CAP_MKNOD and CAP_LINUX_IMMUTABLE. However, before capabilities the privilege to call these did in fact depend upon fsuid==0.
How is this different than CVE-2009-1072? That CVE is based on the same bug report by Igor Zhbanov, although the description doesn't mention CAP_LINUX_IMMUTABLE.

- Steve

======================================================
Name: CVE-2009-1072
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072
Reference: MLIST:[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?
Reference: URL:http://thread.gmane.org/gmane.linux.kernel/805280
Reference: MLIST:[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root
Reference: URL:http://www.openwall.com/lists/oss-security/2009/03/23/1
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9
Reference: SUSE:SUSE-SA:2009:021
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
Reference: BID:34205
Reference: URL:http://www.securityfocus.com/bid/34205
Reference: SECUNIA:34422
Reference: URL:http://secunia.com/advisories/34422
Reference: SECUNIA:34432
Reference: URL:http://secunia.com/advisories/34432
Reference: SECUNIA:34786
Reference: URL:http://secunia.com/advisories/34786
Reference: VUPEN:ADV-2009-0802
Reference: URL:http://www.vupen.com/english/advisories/2009/0802
Reference: XF:linux-kernel-capmknod-security-bypass(49356)
Reference: URL:http://xforce.iss.net/xforce/xfdb/49356

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
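The mask gap described in the quoted request, as an added example that is not part of the original messages or the kernel source: a simplified C model of clearing the fs-mask capabilities when fsuid becomes non-zero. The capability numbers are those from <linux/capability.h>; the function and constant names are hypothetical, and only the capabilities relevant to this thread are modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>. */
#define CAP_CHOWN            0
#define CAP_DAC_OVERRIDE     1
#define CAP_DAC_READ_SEARCH  2
#define CAP_FOWNER           3
#define CAP_FSETID           4
#define CAP_LINUX_IMMUTABLE  9
#define CAP_MKNOD           27

#define CAP_BIT(c) (UINT64_C(1) << (c))

/* Hypothetical name: fs mask without the two capabilities the thread names. */
static const uint64_t FS_MASK_OLD =
    CAP_BIT(CAP_CHOWN) | CAP_BIT(CAP_DAC_OVERRIDE) |
    CAP_BIT(CAP_DAC_READ_SEARCH) | CAP_BIT(CAP_FOWNER) | CAP_BIT(CAP_FSETID);

/* Hypothetical name: the same mask with CAP_MKNOD and CAP_LINUX_IMMUTABLE. */
static const uint64_t FS_MASK_NEW =
    FS_MASK_OLD | CAP_BIT(CAP_MKNOD) | CAP_BIT(CAP_LINUX_IMMUTABLE);

/* Model of fsuid changing from 0 to non-zero: clear every fs-mask capability. */
uint64_t drop_fs_caps(uint64_t effective, uint64_t fs_mask)
{
    return effective & ~fs_mask;
}

/* fsuid==0 privileges (per the thread) that survive a drop using fs_mask. */
uint64_t leaked_fs_caps(uint64_t effective, uint64_t fs_mask)
{
    return drop_fs_caps(effective, fs_mask) & FS_MASK_NEW;
}

int has_cap(uint64_t set, int cap)
{
    return (set & CAP_BIT(cap)) != 0;
}

int main(void)
{
    uint64_t full = (UINT64_C(1) << 34) - 1;  /* constructed: all caps 0..33 set */
    printf("old mask leaves CAP_MKNOD: %d\n",
           has_cap(drop_fs_caps(full, FS_MASK_OLD), CAP_MKNOD));
    printf("old mask leaves CAP_LINUX_IMMUTABLE: %d\n",
           has_cap(drop_fs_caps(full, FS_MASK_OLD), CAP_LINUX_IMMUTABLE));
    printf("new mask leak set: 0x%llx\n",
           (unsigned long long)leaked_fs_caps(full, FS_MASK_NEW));
    return 0;
}
```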