Bug 165663

Summary: ipvs overflow
Product: Red Hat Enterprise Linux 4 Reporter: Mark J. Cox <mjc>
Component: kernelAssignee: David Miller <davem>
Status: CLOSED WONTFIX QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: jbaron, jrieden, sdsmall, uwe.knop
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 13:25:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark J. Cox 2005-08-11 09:27:25 UTC 
Some ipvs overflows were found and fixed in 2.4 (20050531) and later forward
ported to 2.6 (20050626)

"The impact of the bugs is a kernel stack overflow and privilege escalation
from CAP_NET_ADMIN via the IP_VS_SO_SET_STARTDAEMON/IP_VS_SO_GET_DAEMON
ioctls.  People running with 'root=all caps' (i.e., most users) are not
really affected (there's nothing to escalate), but SELinux and similar
users should take it seriously if they grant CAP_NET_ADMIN to other users."

Patch and details:

http://linux.bkbits.net:8080/linux-2.6/cset@42bf33830NWnUULH1Bqyr1sgJO-NKg

We should fix this for RHEL4
Comment 3 James Morris 2005-08-11 16:12:26 UTC 
SELinux does not grant capabilities to users.
Comment 4 Stephen Smalley 2005-11-15 10:54:26 UTC 
Correct - SELinux is presently restrictive only (i.e. only further restricts
access); use of a capability aka privilege still requires uid 0 (at least
initially) plus the corresponding SELinux permission.
Comment 5 Mark J. Cox 2005-11-15 11:28:28 UTC 
thanks; removing security tag
Comment 6 Jiri Pallich 2012-06-20 13:25:47 UTC 
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.