Bug 18046
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | Another security hole in usermode/glibc | | |
| Product: | [Retired] Red Hat Linux | Reporter: | Chris Evans <chris> |
| Component: | usermode | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.0 | CC: | dr |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.securityfocus.com/archive/1/136475 | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2000-10-16 17:09:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Chris Evans
2000-10-02 00:47:17 UTC
We're going to have to add a whitelist and use execle() to run the right program, but we need to preserve a sane LANG rather than let the default "C" be used. Might have to make a specific exception for LANG, though.

Actually, glibc takes care about slashes, not .. in locale paths. Anyway, I don't think glibc should restrict LANG/LC_ALL for non-setuid root; maybe it should remove LC_*/LANG from the environment for setuid programs if it contains /. I'll talk with Ulrich. Anyway, IMHO all suid/sgid apps which exec something should be careful by themselves.

In ftp://ultra.linux.cz/private/usermode/ are updated usermode RPMs. Nalin, could you please retest the bugtraq exploit with it and issue errata ASAP (like today) for all distributions shipping usermode? This is really serious. And we should check all suid/sgid apps which ever exec for this kind of thing as well.

Still not sure what to do about other distributions, but usermode with a couple of minor bug fixes is now in the pipeline.

Errata is released - fancy marking the bug RESOLVED + ERRATA?
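The sanitisation the comment describes (a whitelist, a pinned PATH, LANG/LC_* dropped when the value contains a slash, then execle() with the filtered environment), written out as an added example in C. It is not usermode's or glibc's code; the whitelist, the 64-byte limit and the allowed locale character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <unistd.h>
/* Added example, not usermode's own code: filter the environment a setuid/sgid
 * wrapper passes to the program it exec()s. Whitelisted names pass through,
 * PATH is pinned, and LANG/LC_* survive only if the value cannot name a path.
 * The whitelist and the allowed character set are illustrative assumptions. */

/* Report's criterion: drop a locale value containing '/'; [A-Za-z0-9._@-] is
 * the stricter, assumed policy. */
static int locale_value_ok(const char *v)
{
    if (v == NULL || *v == '\0' || strlen(v) > 64) return 0;
    for (; *v != '\0'; v++)
        if (*v == '/' || !(isalnum((unsigned char)*v) || strchr("._@-", *v)))
            return 0;
    return 1;
}
/* Copied through unchanged; PATH is deliberately absent and pinned below. */
static const char *const passthrough[] = { "HOME", "USER", "TERM", "DISPLAY", NULL };

/* Fill out[] (NULL-terminated) with the filtered copy of envp.
 * Returns the entry count, or -1 if out[] is too small. */
static int build_safe_env(char *const envp[], char *out[], size_t cap)
{
    size_t n = 0, i, j;
    if (cap < 2) return -1;
    out[n++] = "PATH=/bin:/usr/bin";
    for (i = 0; envp[i] != NULL; i++) {
        const char *eq = strchr(envp[i], '=');
        size_t klen = eq ? (size_t)(eq - envp[i]) : 0;
        int keep = 0;
        if (eq == NULL) continue;
        for (j = 0; passthrough[j] != NULL; j++)
            if (strlen(passthrough[j]) == klen && strncmp(envp[i], passthrough[j], klen) == 0)
                keep = 1;
        if ((klen == 4 && strncmp(envp[i], "LANG", 4) == 0) ||
            (klen > 3 && strncmp(envp[i], "LC_", 3) == 0))
            keep = locale_value_ok(eq + 1);   /* only a path-free locale value */
        if (keep && n + 1 >= cap) return -1;  /* room for the terminating NULL */
        if (keep) out[n++] = envp[i];
    }
    out[n] = NULL;
    return (int)n;
}
/* Exec a fixed program path with the filtered environment via execle(), so
 * nothing inherited reaches the child; returns only on failure. */
static int run_filtered(const char *prog, char *const envp[])
{
    char *env[32];
    if (build_safe_env(envp, env, 32) < 0) return -1;
    execle(prog, prog, (char *)NULL, env);
    return -1;
}
```

The wrapper should also avoid execlp()/execvp(), which consult the caller's PATH, and keep the target program as an absolute path as run_filtered() does.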