oss-sec mailing list archives
Re: radvd 1.8.2 released with security fixes
From: Vasiliy Kulikov <segoon () openwall com>
Date: Fri, 14 Oct 2011 12:13:39 +0400
Hi Huzaifa, On Fri, Oct 14, 2011 at 10:15 +0530, Huzaifa Sidhpurwala wrote:
I dont think so. From the code i have read so far, here is what seems to happen. - radvd starts as root - reads the configs - if a username is specified (user=radvd in most cases): - if "--singleprocess" is not specified: - run privsep_init(): This forks another process which runs as root. So after this point we have two processes both running as root - If privsep_init() fails, we have just one process running as root - run drop_root_privileges(): If this succedes, we have two processes one running as root and another as radvd user, or if privsep_init() failed earlier, we have one process running as radvd user. If this fails, application quits - If username was not specified radvd continues to run as a single process as root. So failure in privsep_init() results in just one process running as radvd user. If it did not fail it would result in one process running as root and another as radvd user. I dont think this would be a security issue in my opinion.
Indeed, if privsep_init() fails the only visible change would be no future changes to interface settings. I was misled by the option name - it looks like privsep disabling (opposition to --username), but in reality it totally disables privileged operations. Thanks for spotting it, I think CVE-2011-3603 should be rejected. -- Vasiliy
Current thread:
- Re: radvd 1.8.2 released with security fixes, (continued)
- Re: radvd 1.8.2 released with security fixes John Haxby (Oct 07)
- Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 08)
- Re: radvd 1.8.2 released with security fixes Reuben Hawkins (Oct 11)
- Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 12)
- Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 12)
- Ruby 3.0.10 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 12)
- Re: radvd 1.8.2 released with security fixes Reuben Hawkins (Oct 14)
- Re: radvd 1.8.2 released with security fixes Solar Designer (Oct 13)
- Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 13)
- Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 14)
- Re: radvd 1.8.2 released with security fixes Yves-Alexis Perez (Oct 20)
- Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 21)