Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <224071656.426608.1299529463806.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Mon, 7 Mar 2011 15:24:23 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Ludwig Nussel <ludwig.nussel@...e.de>, security <security@...ntu.com>,
        security@...ian.org, security@...e.de,
        Dan Rosenberg <dan.j.rosenberg@...il.com>
Subject: Re: Suid mount helpers fail to anticipate
 RLIMIT_FSIZE

----- Original Message -----
> 
> It seems like fixing glibc to either raise the rlimit or correctly handle
> the error condition is the way to go (as you already mentioned). I share
> the concern of the helpers maybe not checking addmntent() return codes,
> though. If they all do, I would think that just correct error handling in
> glibc would be accepted upstream. Whatever the fix, it really feels like
> it should be in glibc. It is what is responsible for actually writing to
> the file...
> 

I'm going to assign CVE-2011-1089 to this, under the assumption the fix
will go into glibc (it's a bit confusing, but I think I follow from playing
along at home).

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.