oss-sec mailing list archives
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 24 Apr 2012 12:24:28 +0200
Indeed, the point was to also check against fscaps: https://bugzilla.novell.com/show_bug.cgi?id=694598 At least it should be considered for future builds. The mount.nfs case was only interesting for the suid bit. (also see http://turing.suse.de/~krahmer/libs-vs-fscaps/) Sebastian On Tue, Apr 24, 2012 at 12:03:58PM +0200, Florian Weimer wrote:
* Marcus Meissner:Would you mind sharing the patch you used in SLE packages? It does not seem to have been fixed in OpenSUSE yet. Thanks!I just did a basic uid check.Shouldn't you check GID against EGID, too, for completeness?
-- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team --- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany
Current thread:
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)