Bug 1253703 - nss: Environment variables are unsafe in SUID/SGID/fscaps programs
Summary: nss: Environment variables are unsafe in SUID/SGID/fscaps programs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1253747
Blocks: 1253715
Reported: 2015-08-14 13:29 UTC by Adam Mariš
Modified: 2021-10-21 00:46 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-21 00:46:29 UTC
Embargoed:


Description Adam Mariš 2015-08-14 13:29:42 UTC
NSS (the crypto library from Mozilla) uses environment variables to
enable various dodgy features which no longer seem good ideas.
Obviously, this is a problem when the library is used in a context
where the attacker can set environment variables.  For instance, if a
PAM module uses NSS to establish a TLS connection for authentication
purposes, this allows a local attacker to enable features which make
it easier to impersonate the authentication server.

One such binary was reported in: https://bugzilla.redhat.com/show_bug.cgi?id=1250415#c1

Other binaries were found by Florian Weimer:
/sbin/mount.ecryptfs_private
/usr/bin/ssh-agent
/usr/libexec/openssh/ssh-keysign
/usr/bin/staprun

There might be PAM/NSS (glibc Name Service Switch) modules affected,
particularly older ones.
The main question is whether we want to migrate NSS to secure_getenv, or
fix all callers individually.

CVE request:
https://bugzilla.mozilla.org/show_bug.cgi?id=1194680
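
Added example (not part of the original report, and not NSS code): a C sketch of the two options weighed in the description. The first is a library-side lookup that ignores the environment in a privileged process, which is the check glibc's secure_getenv() performs. The second is a caller-side scrub run before the library is initialised. The function names and the EXAMPLELIB_ prefix are hypothetical.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

extern char **environ;

/* True when the kernel flagged this exec as privileged (SUID/SGID/fscaps)
 * or the real and effective IDs differ. */
int process_is_privileged(void)
{
    return getauxval(AT_SECURE) != 0 ||
           getuid() != geteuid() || getgid() != getegid();
}

/* Library side: the lookup policy, with the privilege decision passed in
 * so it can be exercised without a SUID bit. */
const char *lib_getenv_policy(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Drop-in for getenv() inside the library (hypothetical wrapper name). */
const char *lib_getenv(const char *name)
{
    return lib_getenv_policy(name, process_is_privileged());
}

/* Caller side: remove every variable whose name starts with prefix before
 * the library is initialised. Returns the count removed, or -1 on failure
 * (the caller should then refuse to continue). */
int scrub_env_prefix(const char *prefix)
{
    size_t plen = strlen(prefix);
    int removed = 0;

    for (char **e = environ; e && *e; ) {
        const char *eq = strchr(*e, '=');
        if (!eq || strncmp(*e, prefix, plen) != 0) { e++; continue; }
        char *name = strndup(*e, (size_t)(eq - *e));
        int ok = name && unsetenv(name) == 0;
        free(name);
        if (!ok) return -1;
        removed++;
        e = environ;              /* unsetenv() moved entries: rescan */
    }
    return removed;
}
```

The library-side form covers every caller at once. The scrub has to be repeated in each privileged binary and kept in step with whatever variables the library reads.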

Comment 2 Adam Mariš 2015-08-14 14:50:27 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1253747]
