oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization

From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 24 Apr 2012 12:24:28 +0200

Indeed, the point was to also check against fscaps:

https://bugzilla.novell.com/show_bug.cgi?id=694598

At least it should be considered for future builds. The mount.nfs
case was only interesting for the suid bit.

(also see http://turing.suse.de/~krahmer/libs-vs-fscaps/)

Sebastian

On Tue, Apr 24, 2012 at 12:03:58PM +0200, Florian Weimer wrote:

* Marcus Meissner:


Would you mind sharing the patch you used in SLE packages?  It does not
seem to have been fixed in OpenSUSE yet.  Thanks!


I just did a basic uid check.


Shouldn't you check GID against EGID, too, for completeness?


-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

---
SUSE LINUX Products GmbH,
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany
Previous By Date Next
Previous By Thread Next

Current thread: