oss-sec mailing list archives
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 07 Sep 2017 12:29:50 -0400
On Thu 2017-09-07 16:27:25 +0100, Simon McVittie wrote:
> Ideally, the sequence of events would be something that ensures that the
> pid file already exists by the time readiness has been announced, like
> this pseudocode:
>
>     have the necessary privileges to write a pid file
>     fork
>     if (parent) {
>         write child pid to pid file
>         exit /* tells supervisor we are ready */
>     } else /* child */ {
>         drop privileges
>         while (1) {
>             process request
>         }
>     }
Is there a potential race condition here? For example, if dropping privileges takes some amount of time, or if there is additional setup that ought to be done as non-root (building tables, pre-processing a dataset from the filesystem, initializing a PRNG), then this pattern is actually pretty hard to get right as a notification.

The options seem to be:

 0) if dropping privs is known to be fast, then move any lengthy initialization/setup into the root/pre-fork side. This is a violation of the principle of least privilege.

 1) establish a communication channel between the child and the parent, and have the child explicitly signal to the parent that it is ready so that the parent can exit() appropriately.

But (1) is at least as much work as any of the other forms of explicit notification to the service manager directly, so it's not clear that forking is a great way to provide such notification.

--dkg
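The following is an added example (not code from this thread, from Nagios, or from any of the participants) of option (1) as dkg describes it: the parent forks, the child drops root and does its slow setup unprivileged, and the child reports over a pipe before the parent writes the pid file and exits. The function and type names (start_worker, reap_worker, write_pidfile, struct worker), the status-byte protocol ('R'/'F'), the uid 65534 and the path /tmp/example.pid are all assumptions made for the example. The parent treats EOF on the pipe as "the child died before reporting", so a crash during setup does not get announced as readiness.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical API for this example. */
typedef int (*init_fn)(void);    /* unprivileged setup; returns 0 once the service is ready */
typedef void (*serve_fn)(void);  /* the request loop; runs unprivileged, returns only to shut down */

struct worker {
    pid_t pid;    /* pid of the unprivileged child */
    int ready;    /* 1: child reported readiness; 0: child failed or died during setup */
};

/* Child side: give up root for uid/gid; 0 on success, -1 on failure.
 * No-op when we are not root, or when uid is 0 (there is nothing to drop). */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0 || uid == 0)
        return 0;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)          /* the drop must be irreversible */
        return -1;
    return 0;
}

/* Read the one status byte from the child, retrying on EINTR.
 * Returns the byte, or -1 on EOF (child exited without reporting) or error. */
static int read_status(int fd)
{
    unsigned char b;
    for (;;) {
        ssize_t n = read(fd, &b, 1);
        if (n == 1) return b;
        if (n == 0 || errno != EINTR) return -1;
    }
}

/* Parent side of the handshake: returns only once the child has said 'R'
 * (ready) or has failed.  On failure the dead child is already reaped. */
struct worker start_worker(uid_t uid, gid_t gid, init_fn init, serve_fn serve)
{
    struct worker w = { -1, 0 };
    int pfd[2];
    if (pipe(pfd) != 0)
        return w;
    pid_t pid = fork();
    if (pid < 0) { close(pfd[0]); close(pfd[1]); return w; }
    if (pid == 0) {
        /* child: drop root first, then do the slow setup without it */
        close(pfd[0]);
        unsigned char status = 'F';
        if (drop_privileges(uid, gid) == 0 && init() == 0)
            status = 'R';
        (void)write(pfd[1], &status, 1);
        close(pfd[1]);
        if (status != 'R')
            _exit(1);
        serve();
        _exit(0);
    }
    close(pfd[1]);               /* so that EOF on the read end means "child is gone" */
    w.pid = pid;
    w.ready = (read_status(pfd[0]) == 'R');
    close(pfd[0]);
    if (!w.ready) {
        int st;
        while (waitpid(pid, &st, 0) < 0 && errno == EINTR) { }
    }
    return w;
}

/* Wait for a worker; returns its exit status, or -1 if it died from a signal. */
int reap_worker(pid_t pid)
{
    int st;
    while (waitpid(pid, &st, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Written while still privileged; O_NOFOLLOW refuses a symlink planted at the path. */
int write_pidfile(const char *path, pid_t pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    int ok = write(fd, buf, (size_t)len) == len;
    close(fd);
    return ok ? 0 : -1;
}

/* Sample callbacks, constructed for this example. */
int setup_ok(void)   { return 0; }     /* stands in for a slow, successful unprivileged setup */
int setup_fail(void) { return -1; }    /* e.g. a data file could not be read */
void serve_forever(void) { for (;;) pause(); }
void serve_and_quit(void) { }          /* returns at once, so the child exits cleanly */

int main(int argc, char **argv)
{
    const char *pidfile = argc > 1 ? argv[1] : "/tmp/example.pid";   /* assumed path */
    struct worker w = start_worker(65534, 65534, setup_ok, serve_forever); /* 65534: assumed unprivileged uid */
    if (!w.ready) { fprintf(stderr, "worker failed during setup\n"); return 1; }
    if (write_pidfile(pidfile, w.pid) != 0) { perror("pidfile"); kill(w.pid, SIGTERM); return 1; }
    return 0;   /* only now does exiting announce readiness to a forking-style supervisor */
}
```

Run as root with a pid-file path in a root-owned directory; as an ordinary user the privilege drop is skipped and the handshake alone is exercised. The point of the pipe is that the parent's exit, which is the readiness signal, cannot happen before the child's unprivileged setup has finished, which the plain fork-then-exit pattern cannot guarantee.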
Current thread:
- CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 16)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Aug 16)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 18)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 06)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 18)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Aug 16)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Sep 11)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 11)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation kseifried () redhat com (Sep 11)