Date: Tue, 21 Sep 2010 15:22:07 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: Minor security flaw with pam_xauth ----- "Josh Bressers" <bressers@...hat.com> wrote: > > > The same commit also introduces previously-missing privilege switching > > into pam_env and pam_mail. Unfortunately, this pam_env and pam_mail > > fix is incomplete: it only switches the fsuid (should also switch fsgid > > (or egid) and groups), and it fails to check the return value from > > setfsuid() (doing so would require duplicate calls to setfsuid(), like > > we do in libtcb, or switching of euid instead - yet it is desirable). > > > > This one is a bit on the tricky side. I'm going to call it "improper > setfsuid use" so we can use just one CVE instead of two (as the flaws > are > related): > > Use CVE-2010-3430 > MITRE votes for two, so here goes: Let's use CVE-2010-3430 for the missing setfsgid. Use CVE-2010-3431 for the missing return checks on setfsuid. Thanks Steve. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ