oss-sec mailing list archives
Re: pacemaker strcmp
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 14 Dec 2012 18:16:04 -0700
On 12/13/2012 09:37 AM, Simon . wrote:
> Hi,
>
> I might have overlooked something. Starting from Line 39, if pacemaker is
> compiled with ACL support:
>
> https://github.com/ClusterLabs/pacemaker/blob/master/include/crm_internal.h#L39
>
> Once a user root\0bar is created, and CRM_DAEMON_USER is #undef we can
> return TRUE. Haven't looked into further details here and I think no sane
> admin will ever allow such a user.
>
> What do you guys think?
>
> /* For ACLs */
> char *uid2username(uid_t uid);
> void determine_request_user(char *user, xmlNode * request, const char *field);
>
> #  if ENABLE_ACL
> #    include <string.h>
> static inline gboolean
> is_privileged(const char *user)
> {
>     if (user == NULL) {
>         return FALSE;
>     } else if (strcmp(user, CRM_DAEMON_USER) == 0) {   /* <------------- #undef ? */
>         return TRUE;
>     } else if (strcmp(user, "root") == 0) {            /* <------------------- err */
>         return TRUE;
>     }
>     return FALSE;
> }
> #  endif

Can attackers create their own user names or do admins have to create the
accounts (I know nothing about this software)? Also can you confirm that
"root\0bar" actually allows ACL bypass with the application in production?

Thanks.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
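
The C behaviour behind the question in this thread, as an added example that is not pacemaker code and not written by either poster: strcmp() stops at the first NUL, so a name that reaches the check as a longer byte buffer compares equal to "root". It assumes the name arrives with an explicit length; the function names and the sample buffer are hypothetical, and it says nothing about whether pacemaker itself is affected.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same shape as the quoted check: compares NUL-terminated strings. */
static bool is_privileged_cstr(const char *user)
{
    return user != NULL && strcmp(user, "root") == 0;
}

/* Hypothetical length-aware variant: the caller passes the number of
 * bytes it actually received, so an embedded NUL cannot shorten the name. */
static bool is_privileged_buf(const char *user, size_t len)
{
    static const char root[] = "root";

    if (user == NULL || memchr(user, '\0', len) != NULL) {
        return false;               /* reject names containing NUL bytes */
    }
    return len == sizeof(root) - 1 && memcmp(user, root, len) == 0;
}

/* Constructed sample input: the 8 name bytes r,o,o,t,NUL,b,a,r as they
 * might sit in a length-prefixed message field. */
static const char sample_name[] = "root\0bar";
static const size_t sample_len = sizeof(sample_name) - 1;

int main(void)
{
    /* strcmp() sees only "root"; the length-aware check sees all 8 bytes. */
    bool by_cstr = is_privileged_cstr(sample_name);
    bool by_buf = is_privileged_buf(sample_name, sample_len);

    printf("strcmp check:       %s\n", by_cstr ? "privileged" : "not privileged");
    printf("length-aware check: %s\n", by_buf ? "privileged" : "not privileged");
    return (by_cstr && !by_buf) ? 0 : 1;
}
```

Whether this matters in practice depends on the point Kurt raises: who can get such a name in front of the check, and whether any path carries the name as anything other than a C string.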