oss-sec mailing list archives
Re: CVE Request for glusterfs: fuse check return value of setuid
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 18 Aug 2015 14:44:51 +0200
* Siddharth Sharma:
Problem description from the bug: https://bugzilla.redhat.com/show_bug.cgi?id=1254488 setuid() sets the effective user ID of the calling process. If the effective UID of the caller is root, the real UID and saved set-user-ID are also set. On success, zero is returned. On error, -1 is returned, and errno is set appropriately. Note: there are cases where setuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return from setuid(). if an environment limits the number of processes a user can have, setuid() might fail if the target uid already is at the limit. Can we have CVE assigned to this ? Upstream Ref: http://review.gluster.org/#/c/10780/ https://github.com/gluster/glusterfs/commit/b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6
Original code: <http://sourceforge.net/p/fuse/fuse/ci/master/tree/lib/mount_util.c#l103> Pluse two more locations in that file. A single CVE ID for all these issues should probably suffice.
Current thread:
- CVE Request for glusterfs: fuse check return value of setuid Siddharth Sharma (Aug 18)
- Re: CVE Request for glusterfs: fuse check return value of setuid Florian Weimer (Aug 18)
- Re: CVE Request for glusterfs: fuse check return value of setuid Siddharth Sharma (Aug 25)
- Re: CVE Request for glusterfs: fuse check return value of setuid Siddharth Sharma (Sep 02)
- Re: CVE Request for glusterfs: fuse check return value of setuid cve-assign (Sep 04)
- Re: Re: CVE Request for glusterfs: fuse check return value of setuid Seth Arnold (Sep 04)
- Re: CVE Request for glusterfs: fuse check return value of setuid cve-assign (Sep 04)
- Re: Re: CVE Request for glusterfs: fuse check return value of setuid Seth Arnold (Sep 04)
- Re: CVE Request for glusterfs: fuse check return value of setuid Florian Weimer (Aug 18)