|
Message-ID: <Pine.GSO.4.64.1011021528190.1928@faron.mitre.org> Date: Tue, 2 Nov 2010 15:39:33 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: kernel stack infoleaks On Tue, 2 Nov 2010, Dan Rosenberg wrote: > And since I've already gotten flack for this comment, I'll add for the > sake of clarity: the second item is not a security issue if CAP_NET_RAW > is synonymous with root access in your privilege model, as is the case > on most systems. Duly noted, but I have something to say anyway ;-) From a CVE purist perspective, successful exploitation gets something more than what you can get with CAP_NET_RAW alone, thus there is a violation of the intended security model, no matter how small. One exception that I sometimes wonder about is whether you already have chained privileges [1] (e.g. where legitimate use of privilege A can automatically get you privilege B), but that kind of thing sometimes makes me wonder why there are 2 separate privileges in the first place. So, it would be reasonable to have a CVE, even though its severity would be knocked way down because of the combination of the minor infoleak and requirements for already-high privileges. I recognize that this approach is probably at odds with many developers who have to implement protection mechanisms related to privileges and access control. - Steve [1] where "privilege" is placeholder for "privilege, capability, access, permission, etc., whatever the term is that is used for the particular software you have in mind that is an implicit or explicit statement of what a particular user or group of users is allowed to do."
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.