Bug 1283635 (CVE-2015-8239)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2015-8239 sudo: Race condition when checking digests in sudoers | | |
| Product | [Other] Security Response | Reporter | Adam Mariš <amaris> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED WONTFIX | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | unspecified | CC | carnil, dkopecek, kzak, pkis, rsroka, slawomir |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2016-01-19 13:14:56 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1283636 | | |
| Bug Blocks | 1283688 | | |
Description
Adam Mariš
2015-11-19 13:36:46 UTC
Created sudo tracking bugs for this issue:

Affects: fedora-all [bug 1283636]

(In reply to Adam Mariš from comment #2)
> Statement:
>
> Not vulnerable. This issue did not affect the versions of sudo as
> shipped with Red Hat Enterprise Linux 5, 6 and 7.

Not vulnerable in RHEL 7? What about this one: https://bugzilla.redhat.com/show_bug.cgi?id=1183818

Thanks, I'll update it.

Statement:

(none)

sudo upstream updated the docs: https://www.sudo.ws/repos/sudo/rev/24a3d9215c64

There are now additional changes applied upstream to make sudo use fexecve where available, so the program is executed using the same file descriptor that was used to read the file for checksumming purposes.

https://www.sudo.ws/repos/sudo/rev/397722cdd7ec
https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195

Note that the fexecve documentation explicitly notes that fexecve can only help when the file to be executed is in a user-writeable directory, but not when the file is also user-writeable.

The idea behind fexecve() is to allow the caller to verify (checksum) the contents of an executable before executing it. Simply opening the file, checksumming the contents, and then doing an execve(2) would not suffice, since, between the two steps, the filename, or a directory prefix of the pathname, could have been exchanged (by, for example, modifying the target of a symbolic link). fexecve() does not mitigate the problem that the contents of a file could be changed between the checksumming and the call to fexecve(); for that, the solution is to ensure that the permissions on the file prevent it from being modified by malicious users.

This is most likely not going to get any "full" fix upstream other than documenting that it's unsafe to execute user-writeable programs even if the digest check is performed.
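The two halves of the mitigation discussed in this bug, digesting and executing through one file descriptor so the path cannot be swapped underneath, and refusing files whose contents the invoking user could rewrite, fit in a short C program. The example below is added here and is not sudo's own code or the upstream changes linked above; it uses a 64-bit FNV-1a hash as a stand-in for sudo's SHA-2 sudoers digests so that it builds without a crypto library, and the function names (`digest_fd`, `fd_is_trustworthy`, `open_verified`, `selftest`) are this example's own. The self-check writes a constructed one-byte temporary file and uses the invoking user as the trusted owner purely so it can run unprivileged; in sudo's setting the trusted owner would be root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

extern char **environ;

/* Stand-in digest (64-bit FNV-1a) so the example runs without a crypto
 * library. sudo's sudoers digest checks use SHA-2; a real implementation
 * would substitute one of those hashes here. */
#define FNV_OFFSET 0xcbf29ce484222325ULL
#define FNV_PRIME  0x100000001b3ULL

uint64_t fnv1a_update(uint64_t h, const void *buf, size_t len) {
    const unsigned char *p = buf;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= FNV_PRIME;
    }
    return h;
}

/* Digest the whole file behind fd, reading it through the same descriptor
 * that will later be handed to fexecve(). Returns 0 on success. */
int digest_fd(int fd, uint64_t *out) {
    unsigned char buf[4096];
    uint64_t h = FNV_OFFSET;
    ssize_t n;
    if (lseek(fd, 0, SEEK_SET) == (off_t)-1) return -1;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        h = fnv1a_update(h, buf, (size_t)n);
    if (n < 0) return -1;
    *out = h;
    return 0;
}

/* fexecve() only closes the "path swapped under us" race. It cannot help if
 * the contents can be rewritten between digest and exec, so the descriptor
 * is also checked: regular file, owned by trusted_uid, not group/other
 * writable. Returns 0 if the file may be trusted. */
int fd_is_trustworthy(int fd, uid_t trusted_uid) {
    struct stat sb;
    if (fstat(fd, &sb) != 0) return -1;
    if (!S_ISREG(sb.st_mode)) return -1;
    if (sb.st_uid != trusted_uid) return -1;
    if (sb.st_mode & (S_IWGRP | S_IWOTH)) return -1;
    return 0;
}

/* Open path read-only, run the ownership/permission check and the digest
 * check on that one descriptor, and return it (or -1). The caller passes the
 * descriptor straight to fexecve(), never the path. */
int open_verified(const char *path, uid_t trusted_uid, uint64_t expected) {
    uint64_t got;
    /* O_CLOEXEC keeps the fd out of the executed program. fexecve(3) documents
     * that a "#!" script cannot be run from a close-on-exec descriptor
     * (ENOENT), so a caller that must run scripts would drop the flag. */
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fd_is_trustworthy(fd, trusted_uid) != 0 ||
        digest_fd(fd, &got) != 0 || got != expected) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check on a constructed temporary file containing "a" (FNV-1a 64 of
 * "a" is 0xaf63dc4c8601ec8c). Returns 1 when the mode-0644 file is accepted,
 * a wrong digest is rejected, and the same file is rejected once it becomes
 * group/other writable. */
int selftest(void) {
    char tmpl[] = "/tmp/verified_exec_XXXXXX";   /* constructed test file */
    const uint64_t expect_a = 0xaf63dc4c8601ec8cULL;
    int ok = 1, fd;
    int tfd = mkstemp(tmpl);
    if (tfd < 0) return 0;
    if (write(tfd, "a", 1) != 1 || fchmod(tfd, 0644) != 0) ok = 0;

    fd = open_verified(tmpl, getuid(), expect_a);   /* should be accepted */
    if (fd < 0) ok = 0; else close(fd);

    fd = open_verified(tmpl, getuid(), expect_a ^ 1); /* wrong digest */
    if (fd >= 0) { ok = 0; close(fd); }

    if (fchmod(tfd, 0666) != 0) ok = 0;
    fd = open_verified(tmpl, getuid(), expect_a);   /* now world-writable */
    if (fd >= 0) { ok = 0; close(fd); }

    close(tfd);
    unlink(tmpl);
    return ok;
}

/* Usage: ./verified_exec [path expected_digest_hex [args...]]
 * With no arguments it runs the self-check; otherwise it requires the file
 * to be root-owned (uid 0) and executes it via the verified descriptor. */
int main(int argc, char *argv[]) {
    if (argc < 3) {
        printf("selftest: %s\n", selftest() ? "ok" : "FAILED");
        return 0;
    }
    int fd = open_verified(argv[1], 0, strtoull(argv[2], NULL, 16));
    if (fd < 0) { fprintf(stderr, "refusing to execute %s\n", argv[1]); return 1; }
    fexecve(fd, &argv[1], environ);       /* returns only on failure */
    fprintf(stderr, "fexecve: %s\n", strerror(errno));
    return 1;
}
```

The ownership and mode test is the part the bug's closing comment is really about: fexecve() guarantees the bytes digested are the bytes executed, but only the permission check guarantees that nobody untrusted could have changed them between the two reads.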