oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Mon, 14 Mar 2011 08:32:24 -0400
Sigh.  Unfortunately I think this is the truth - I just wish there
were an easier way of addressing this besides patching every affected
helper individually.  Unless anyone else has any ideas, I'll write up
some patches for affected programs later today.

-Dan

On Mon, Mar 14, 2011 at 8:14 AM, Ludwig Nussel <ludwig.nussel () suse de> wrote:

Dan Rosenberg wrote:

There are a few possible options   We could patch glibc to try to
raise the rlimit in addmntent(). [...]


Citing our glibc maintainer Petr Baudis via Bugzilla:

| I have been thinking about it and I'm not at all sure the proposed solution
| makes sense. First, this may also concern the obscure interfaces like
| putspent() (not sure if anyone uses these, moreover in security relevant
| contexts). Second, messing with RLIMIT_FSIZE within library routine is just
| evil. The caller may be multi-threaded or just do something else between
| setpwent() and endpwent() too and RLIMIT_FSIZE is just evil. All setuid
| programs must sanitize things like this, on their own terms.

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Previous By Date Next
Previous By Thread Next

Current thread: