oss-sec mailing list archives
Re: kernel: fs.suid_dumpable=2 privilege escalation
From: Florian Weimer <fweimer () redhat com>
Date: Fri, 17 Apr 2015 09:41:46 +0200
On 04/16/2015 08:41 PM, Kees Cook wrote:
> On Thu, Apr 16, 2015 at 5:42 AM, Florian Weimer <fweimer () redhat com> wrote:
>> Should this be treated as a security vulnerability?
>>
>> “fs: make dumpable=2 require fully qualified path”
>> <http://lwn.net/Articles/503682/>
>>
>> Some widely-used cronie versions still do not have hardening and parse
>> commands in core dumps.
>
> I didn't seek a CVE for this at the time since it requires a pretty
> specific combination of configurations. Namely: setting dumpable=2
> without a dump handler, which I couldn't find any distro doing. I have
> no objection, of course.

Ah, right. I noticed this while looking at the file-based coredump
emulation in abrt-hook-ccpp. It's not the default, either, so we have
not yet assigned a CVE, and we probably won't call it a vulnerability.

--
Florian Weimer / Red Hat Product Security
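A configuration check for the combination described in the thread (fs.suid_dumpable=2 with a core_pattern that is neither a pipe handler nor a fully qualified path), added here as an example and not part of the original messages. The function names, the optional directory argument and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag fs.suid_dumpable=2 combined with
# a core_pattern that is neither a pipe handler nor a fully qualified path.

# classify_dump_config MODE PATTERN -> prints one keyword (hypothetical helper)
classify_dump_config() {
    mode=$1
    pattern=$2
    case "$mode" in
        0) echo "disabled"; return 0 ;;  # privileged processes are not dumped
        1) echo "debug"; return 0 ;;     # dumps everything; debugging setups only
        2) ;;                            # "suidsafe": outcome depends on core_pattern
        *) echo "unknown"; return 0 ;;
    esac
    case "$pattern" in
        '')   echo "empty-pattern" ;;    # not the case discussed in the thread
        '|'*) echo "pipe-handler" ;;     # dump is piped to a helper program
        /*)   echo "absolute-path" ;;    # fully qualified path
        *)    echo "relative-path" ;;    # resolved against the crashing process's cwd
    esac
}

# audit_dump_config [DIR] -> status 1 when the combination is present,
# 2 when the sysctl files cannot be read. DIR defaults to /proc/sys.
audit_dump_config() {
    root=${1:-/proc/sys}
    [ -r "$root/fs/suid_dumpable" ] && [ -r "$root/kernel/core_pattern" ] || {
        echo "cannot read sysctls under $root" >&2; return 2; }
    mode=$(cat "$root/fs/suid_dumpable")
    pattern=$(cat "$root/kernel/core_pattern")
    verdict=$(classify_dump_config "$mode" "$pattern")
    echo "fs.suid_dumpable=$mode kernel.core_pattern=$pattern -> $verdict"
    [ "$verdict" != "relative-path" ]
}

# Constructed sample values, so the script prints something offline.
for sample in "2:core" "2:|/usr/local/bin/dump-helper %p" \
              "2:/var/crash/core.%p" "0:core"; do
    echo "$sample -> $(classify_dump_config "${sample%%:*}" "${sample#*:}")"
done
```

Calling `audit_dump_config` with no argument reads the live values from /proc/sys on the host being checked.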