oss-sec mailing list archives
Re: Re: CVE request: tmux local denial of service (2009)
From: Guido Berhoerster <guido+openwall.com () berhoerster name>
Date: Thu, 9 Jan 2014 20:51:15 +0100
* Florian Weimer <fweimer () redhat com> [2014-01-09 20:06]:
> On 01/09/2014 07:44 PM, cve-assign () mitre org wrote:
>>> allows users to override the socket path using the -S command line option.
>>
>> We'd like to consider this ineligible for a CVE unless there's new information. In many cases, "ability to cause an inconvenience" is not sufficient for a CVE assignment. The nature of the application apparently makes it unlikely that this would, for example, disrupt unattended root-executed scripts that have a hardcoded tmux command line.
>
> I reported this here because tmux is sometimes used to start servers on system boot:
>
> http://unix.stackexchange.com/questions/71372/using-tmux-on-boot-up-of-linux-centos
> http://askubuntu.com/questions/62434/why-does-upstart-keep-respawning-my-process
> https://bowerstudios.com/node/953
> http://code.google.com/p/webrtc2sip/issues/detail?id=80
In that case the right thing to do is setting TMPDIR to a directory only writable by the user (TMPDIR/-S/-L are documented in the manpage so this can hardly count as surprising to users). The development version also supports TMUX_TMPDIR in which sockets are created without a subdirectory and which e.g. may be set to XDG_RUNTIME_DIR.

The Debian patch makes tmux potentially less secure due to being setgid and it was rejected by upstream, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529082#12

In 2011 Debian reverted to the upstream behavior and no longer carries the patch referenced in the above bug report.

--
Guido Berhoerster
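As an added illustration of the advice in this message (not code from the thread, from tmux or from Debian): a small POSIX shell helper a boot script could use to verify that the socket directory is a real directory owned by the invoking user with mode 0700, and then start tmux on a socket inside it with -S instead of the shared default path. It assumes GNU stat(1) for the -c format; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the thread: keep the tmux server socket in a
# private, user-owned directory (TMUX_TMPDIR / XDG_RUNTIME_DIR / TMPDIR,
# as the message suggests) and pass it to tmux with -S.
# Assumes GNU stat(1); function and variable names are this example's own.
set -u

# Return 0 if DIR is safe to hold a tmux socket: exists, is a real directory
# (not a symlink), is owned by the invoking user, and is mode 0700.
check_socket_dir() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ ! -L "$dir" ] || return 1
    owner=$(stat -c %u "$dir") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    mode=$(stat -c %a "$dir") || return 1
    [ "$mode" = "700" ] || return 1
    return 0
}

# Create (or re-validate) a private socket directory and print its path.
# BASE defaults to TMUX_TMPDIR, then XDG_RUNTIME_DIR, then TMPDIR, then /tmp.
prepare_socket_dir() {
    base=${1:-${TMUX_TMPDIR:-${XDG_RUNTIME_DIR:-${TMPDIR:-/tmp}}}}
    dir="$base/tmux-private-$(id -u)"
    # mkdir -m sets the mode atomically; if another local user already
    # planted a path with this name, mkdir fails or check_socket_dir rejects it.
    [ -d "$dir" ] || mkdir -m 0700 "$dir" || return 1
    check_socket_dir "$dir" || return 1
    printf '%s\n' "$dir"
}

# Start a detached server on a socket inside the private directory.
# Usage: start_private_tmux SESSION_NAME COMMAND [ARGS...]
start_private_tmux() {
    session=$1; shift
    dir=$(prepare_socket_dir) || { echo "unsafe socket dir" >&2; return 1; }
    tmux -S "$dir/default" new-session -d -s "$session" "$@"
}
```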