Bug 122731
Summary: | ksu needs to be suid root | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Martin Donnelly <martin.donnelly> |
Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | ddoucett, k.georgiou, mattdm, redhat |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.4.3-1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-05-08 17:10:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Martin Donnelly
2004-05-07 15:32:04 UTC
I have also reproduced this problem with the following package versions with AS 3.0: krb5-libs-1.2.7-24 krb5-workstation-1.2.7-24 Verified that this is still broken in Fedora Core 2. This seems to have existed as a bug for years. It is very annoying. Bug #122731 describes the same thing and documented that the potential security vulnerability is fixed. ksu does get a thorough security workover with the rest of the Kerberos distribution, and looking at the code I don't see any way anyone can exploit this ... especially if they don't have Kerberos credentials. This is easy to fix! I agree that this is not exploitable, but it is very annoying. Especially when sending out to hundreds of hosts. You referred to Bug #122731 being the same thing, but that is this bug. Is there another bug you are referring to? This is an easy fix, but it is much easier to just fix the one rpm and have it right the first time. see also bug 11535 and bug 137934 Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match. Problem persists in FC3. Stupid bugzilla won't let me reopen or change the version. Thanks for testing. Bug -> fc3 as per comment #6. I'll mark it CURRENTRELEASE, if only because I'm not sure ATM that a version which changes this was ever pushed for FC3, and I don't want to falsely raise any expectations. Thanks! |