oss-sec mailing list archives
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
From: Josh Bressers <bressers () redhat com>
Date: Mon, 7 Mar 2011 15:24:23 -0500 (EST)
----- Original Message -----
It seems like fixing glibc to either raise the rlimit or correctly handle the error condition is the way to go (as you already mentioned). I share the concern of the helpers maybe not checking addmntent() return codes, though. If they all do, I would think that just correct error handling in glibc would be accepted upstream. Whatever the fix, it really feels like it should be in glibc. It is what is responsible for actually writing to the file...
I'm going to assign CVE-2011-1089 to this, under the assumption the fix will go into glibc (it's a bit confusing, but I think I follow from playing along at home). Thanks. -- JB
Current thread:
- Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dmitry V. Levin (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 05)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Kees Cook (Mar 05)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Josh Bressers (Mar 07)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dmitry V. Levin (Mar 03)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 14)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 14)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 15)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Tomas Hoger (Mar 22)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 22)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 31)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Patrick J. Volkerding (Mar 31)