oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

From: Josh Bressers <bressers () redhat com>
Date: Mon, 7 Mar 2011 15:24:23 -0500 (EST)
----- Original Message -----


It seems like fixing glibc to either raise the rlimit or correctly handle
the error condition is the way to go (as you already mentioned). I share
the concern of the helpers maybe not checking addmntent() return codes,
though. If they all do, I would think that just correct error handling in
glibc would be accepted upstream. Whatever the fix, it really feels like
it should be in glibc. It is what is responsible for actually writing to
the file...



I'm going to assign CVE-2011-1089 to this, under the assumption the fix
will go into glibc (it's a bit confusing, but I think I follow from playing
along at home).

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: