Bug 165663 - ipvs overflow
Summary: ipvs overflow
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: David Miller
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
: 165664 165665 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-08-11 09:27 UTC by Mark J. Cox
Modified: 2012-06-20 13:25 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 13:25:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Mark J. Cox 2005-08-11 09:27:25 UTC
Some ipvs overflows were found and fixed in 2.4 (20050531) and later forward
ported to 2.6 (20050626)

"The impact of the bugs is a kernel stack overflow and privilege escalation
from CAP_NET_ADMIN via the IP_VS_SO_SET_STARTDAEMON/IP_VS_SO_GET_DAEMON
ioctls.  People running with 'root=all caps' (i.e., most users) are not
really affected (there's nothing to escalate), but SELinux and similar
users should take it seriously if they grant CAP_NET_ADMIN to other users."

Patch and details:

http://linux.bkbits.net:8080/linux-2.6/cset@42bf33830NWnUULH1Bqyr1sgJO-NKg

We should fix this for RHEL4

Comment 3 James Morris 2005-08-11 16:12:26 UTC
SELinux does not grant capabilities to users.

Comment 4 Stephen Smalley 2005-11-15 10:54:26 UTC
Correct - SELinux is presently restrictive only (i.e. only further restricts
access); use of a capability aka privilege still requires uid 0 (at least
initially) plus the corresponding SELinux permission.

Comment 5 Mark J. Cox 2005-11-15 11:28:28 UTC
thanks; removing security tag

Comment 6 Jiri Pallich 2012-06-20 13:25:47 UTC
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.


Note You need to log in before you can comment on or make changes to this bug.