oss-sec mailing list archives

Minor security flaw with pam_xauth

From: Tim Brown <timb () nth-dimension org uk>
Date: Mon, 16 Aug 2010 12:05:13 +0100

Here's another bug where privileged code isn't checking the return value from 
setuid():

http://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663

I don't think this needs a CVE as I haven't found a useful way to exploit it 
but maybe someone on here will spot something I've missed.  Either way, I 
would have thought it should be fixed.

Tim

PS Is it just me or does "I fail to see how RLIMIT_NPROC should have any affect 
on setuid." in the comments a touch disconcerting given that it's from the PAM 
maintainer?
-- 
Tim Brown
<mailto:timb () nth-dimension org uk>
<http://www.nth-dimension.org.uk/>

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

Minor security flaw with pam_xauth Tim Brown (Aug 16)
- Re: Minor security flaw with pam_xauth Steven M. Christey (Aug 16)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 21)
  - Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
    - Re: Minor security flaw with pam_xauth Steven M. Christey (Sep 21)
    - Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
    - Re: Minor security flaw with pam_xauth Solar Designer (Sep 21)
    - Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
    - Re: Minor security flaw with pam_xauth Solar Designer (Sep 24)
    - Re: Minor security flaw with pam_xauth Vincent Danen (Sep 27)
    - Re: Minor security flaw with pam_xauth Vincent Danen (Sep 27)

(Thread continues...)