oss-sec mailing list archives
Re: CVE Request: powerdns does not clear supplementary groups
From: christos () zoulas com (Christos Zoulas)
Date: Thu, 24 May 2012 19:50:38 -0400
On May 24, 7:18pm, sgrubb () redhat com (Steve Grubb) wrote:
-- Subject: Re: [oss-security] CVE Request: powerdns does not clear supplemen

| On Thursday, May 24, 2012 06:56:46 PM Solar Designer wrote:
| > On Thu, May 24, 2012 at 06:15:53PM -0400, Steve Grubb wrote:
| > > Here is a real life case:
| > >
| > > + if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
| > > + setuid(pw->pw_uid) != 0 )
| > >
| > > This is not upstream. This is a patch to drop capabilities by changing
| > > uid/gid. The person writing the patch intended to do the right thing -
| > > but failed. See the bug? This is in a network facing daemon that parses
| > > untrusted network packets.
| >
| > Wow. The NULL results in group 0 being added to the supplementary
| > groups list (so it survives the setgid(), at least on my quick test).
|
| Yes. If you put that one snippet of code into google, you would find arpwatch is
| the culprit.

there is one more:

http://users.jyu.fi/~mesrik/pkg/tcpdump/tcpdump-3.7.1-droproot2.patch

christos
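Review bot: the second argument to initgroups() in the quoted hunk is NULL, but that parameter is a gid_t rather than a pointer, so NULL converts to group ID 0 and GID 0 is placed in the supplementary group list. The setgid(pw->pw_gid) that follows changes only the process's own group IDs and leaves the supplementary list alone, so membership in group 0 remains after setuid(pw->pw_uid). Pass the account's own group instead, initgroups(pw->pw_name, pw->pw_gid), and keep the existing order of initgroups, then setgid, then setuid. The visible lines do not show the branch taken when the condition is true; it should terminate the daemon rather than continue with partial privileges, and a getgroups() check after the drop would catch a stray group like this one.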