oss-sec mailing list archives
Re: CVE Request coreutils
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 23 Jan 2013 08:47:35 +0100
On Tue, Jan 22, 2013 at 08:47:46AM -0700, Vincent Danen wrote:
* [2013-01-22 08:25:23 +0100] Sebastian Krahmer wrote:Generally, I see your point. However sometimes services running as root 'sort' or 'uniq' user input e.g. via grepping logfiles etc, so there is indeed a real chance to indirectly trigger a privilege escalation. The past shows that segfaults can be turned into a code exec often. Its a stack overflow after all.Do you believe this would be the case with modern GCC/Glibc hardening though? Wouldn't this just be rendered a crash?
Are you serious? And since when will CVE's not be assigned because some mitigation could possibly prevent a stack overflow being turned into code exec?
But even then, if we're talking about logfiles (which is a reasonable case) you'd have to be allowing user-controlled input to your logs, which would mean you'd have another problem.
You mean like 'logger -t sshd failed login attempt' ?
I'm also assuming, based on the comments in the first bug, that you need a really large line (not just an entire file, but one line). How likely is it that you would be grepping a log file with ~10MB of data on one line?
Not very common indeed, but I think its not the point (logfiles were just _one_ example). Nevertheless, you seem to shift your arguments. For each reason/attack vector I answer, you bring up two new reasons why this not an issue. At the end, I did not spot the bug; if the majority thinks its not worth a CVE, I can live with it. It would just have made tracking easier. regards, Sebastian PS: Reminds me to the one-year dbus discussion where everyone told me that this can never be a problem. -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Michael Tokarev (Jan 21)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
- Re: CVE Request coreutils Kurt Seifried (Jan 23)
- Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 22)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 23)
- Re: CVE Request coreutils Florian Weimer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Michael Tokarev (Jan 21)
- Re: CVE Request coreutils Florian Weimer (Jan 22)