Bug 425481 - (CVE-2008-0008) CVE-2008-0008 Pulseaudio ignores setuid() return value
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: pulseaudio
Version: 8
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Lennart Poettering
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-12-14 16:34 EST by Lubomir Kundrak
Modified: 2008-01-24 17:01 EST
Fixed In Version: 0.9.8-5.fc8
Doc Type: Bug Fix
Last Closed: 2008-01-24 16:59:26 EST


Attachments
Fail when it's not possible to drop root privileges (2.94 KB, patch)
2007-12-20 07:40 EST, Lubomir Kundrak
Fail when it's not possible to drop root privileges (2.56 KB, patch)
2008-01-23 10:15 EST, Lubomir Kundrak

Description Lubomir Kundrak 2007-12-14 16:34:09 EST
The SUSE bug [1] states that we don't check the return value of setuid() to see if
we were able to drop privileges. A user can cause the call to fail by exhausting
the resources in some cases; please add the check. Thanks!

[1] https://bugzilla.novell.com/show_bug.cgi?id=347822
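
Added example, not part of the bug report or of either attached patch: the unchecked privilege drop described above next to a checked one that fails closed, in C. The `priv_ops` table, the `sim_*` stubs and uid/gid 1000 are hypothetical, constructed so the failing-setuid() path runs without root.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical indirection: in a real daemon these point at setgroups(2),
 * setgid(2), setuid(2) and geteuid(2); stubs let the failure path run unprivileged. */
struct priv_ops {
    int (*setgroups)(size_t, const gid_t *);
    int (*setgid)(gid_t);
    int (*setuid)(uid_t);
    uid_t (*geteuid)(void);
};

/* Constructed simulation of a process that starts with euid 0. */
static uid_t sim_euid = 0;
static int sim_setgroups(size_t n, const gid_t *g) { (void)n; (void)g; return 0; }
static int sim_setgid(gid_t g) { (void)g; return 0; }
static int sim_setuid(uid_t u) { sim_euid = u; return 0; }
static uid_t sim_geteuid(void) { return sim_euid; }
/* setuid() refused for lack of resources: euid is left unchanged. */
static int sim_setuid_eagain(uid_t u) { (void)u; errno = EAGAIN; return -1; }

static const struct priv_ops ops_ok = { sim_setgroups, sim_setgid, sim_setuid, sim_geteuid };
static const struct priv_ops ops_exhausted = { sim_setgroups, sim_setgid, sim_setuid_eagain, sim_geteuid };

/* The reported bug class: results ignored, so a failed drop goes unnoticed. */
static void drop_unchecked(const struct priv_ops *o, uid_t uid, gid_t gid) {
    (void)o->setgroups(1, &gid);
    (void)o->setgid(gid);
    (void)o->setuid(uid);
}

/* Checked drop: groups, then gid, then uid last. Returns 0 on success, -1 on failure. */
static int drop_checked(const struct priv_ops *o, uid_t uid, gid_t gid) {
    if (o->setgroups(1, &gid) != 0) return -1;
    if (o->setgid(gid) != 0) return -1;
    if (o->setuid(uid) != 0) return -1;
    if (o->geteuid() != uid) return -1;   /* confirm the drop took effect */
    return 0;
}

int main(void) {
    drop_unchecked(&ops_exhausted, 1000, 1000);
    printf("unchecked, setuid fails: euid=%u\n", (unsigned)sim_geteuid());
    if (drop_checked(&ops_exhausted, 1000, 1000) != 0)   /* a real daemon exits here */
        printf("checked, setuid fails: refused (%s)\n", strerror(errno));
    int rc = drop_checked(&ops_ok, 1000, 1000);
    printf("checked, setuid works: rc=%d euid=%u\n", rc, (unsigned)sim_geteuid());
    return 0;
}
```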
Comment 1 Lubomir Kundrak 2007-12-20 07:40:23 EST
Created attachment 290146
Fail when it's not possible to drop root privileges

Lennart -- could it be done like this?
Comment 2 Lubomir Kundrak 2008-01-23 10:15:13 EST
Created attachment 292647
Fail when it's not possible to drop root privileges
Comment 3 Lennart Poettering 2008-01-23 20:24:45 EST
That patch is fine! Lubomir, thanks a lot for fixing this much faster than I could.

I have now merged a different patch into upstream SVN, because I initially
wasn't aware of yours. But yours is fine, too.

http://pulseaudio.org/changeset/2100
Comment 4 Fedora Update System 2008-01-24 16:59:25 EST
pulseaudio-0.9.8-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2008-01-24 17:01:58 EST
pulseaudio-0.9.6-2.fc7.1 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
