oss-sec mailing list archives

Re: CVE request: oping allows the disclosure of arbitrary file contents

From: Tomas Hoger <thoger () redhat com>
Date: Tue, 17 Nov 2009 20:48:12 +0100

On Mon, 16 Nov 2009 17:39:30 -0500 (EST) Josh Bressers wrote:

Does the RLIMIT_NPROC trick work against oping, or any setuid app
that calls setuid(getuid())?


This should work for everything that calls setuid()

I have a little bit about this here:
http://www.bress.net/blog/archives/34-setuid-madness.html


My previous web search did find that one.  Though set_user() doing
NPROC check is only called when new uid differs from current real uid
(so not called in setuid(getuid()) case).

-- 
Tomas Hoger / Red Hat Security Response Team

Current thread:

Re: CVE request: oping allows the disclosure of arbitrary file contents, (continued)
- - Re: CVE request: oping allows the disclosure of arbitrary file contents Julien Tinnes (Oct 15)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 16)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Oct 16)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents yersinia (Oct 17)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Nov 09)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents security curmudgeon (Nov 09)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Nov 09)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Tomas Hoger (Nov 16)
  - Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Nov 16)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Tomas Hoger (Nov 17)