Bug 853164 - setuid program should have full RELRO
Summary: setuid program should have full RELRO
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: util-linux
Version: 18
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: ---
Assignee: Karel Zak
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 853068
Reported: 2012-08-30 16:03 UTC by Steve Grubb
Modified: 2012-09-17 22:00 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-09-11 18:52:51 UTC
Type: Bug
Embargoed:



Description Steve Grubb 2012-08-30 16:03:03 UTC
Description of problem:
Setuid/gid programs should have full RELRO support enabled for extra protection. Also, network-facing programs should have PIE flags enabled for new ASLR each run.


FILE                                                TYPE        RELRO    PIE 
/usr/bin/chfn                                       setuid      partial  yes 
/usr/bin/chsh                                       setuid      partial  yes
/usr/bin/logger                                     network-ip  partial  no  
/usr/bin/mount                                      setuid      partial  yes 
/usr/bin/umount                                     setuid      partial  yes 
/usr/bin/write                                      setgid      partial  yes

You can use this program for testing:
http://people.redhat.com/sgrubb/files/rpm-chksec

Comment 1 Fedora Update System 2012-09-06 12:08:26 UTC
util-linux-2.22-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/util-linux-2.22-1.fc18

Comment 2 Karel Zak 2012-09-06 12:24:17 UTC
(In reply to comment #0)
> FILE                                                TYPE        RELRO    PIE 
> /usr/bin/logger                                     network-ip  partial  no

I don't see a reason to think of logger(1) as a security-sensitive program. It just writes to syslog (and yes, you can connect() to a remote server). IMHO it is overkill to PIE all programs like logger(1).

The spec file has been fixed, and BIND_NOW and GNU_RELRO are now used for all suid programs (!= logger) in util-linux. Thanks for the report.
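
What the RELRO and PIE columns in the report measure, and what adding BIND_NOW to GNU_RELRO changes, shown as an added Python example (not part of this bug report and not the rpm-chksec script linked in the description). It assumes little-endian ELF64 files, and its PIE test (ET_DYN plus a PT_INTERP segment) is a heuristic chosen here.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
ET_DYN = 3


def check_elf(data):
    """Classify a little-endian ELF64 image; returns (relro, pie)."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    relro = interp = bind_now = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True  # loader remaps this range read-only after relocation
        elif p_type == PT_INTERP:
            interp = True
        elif p_type == PT_DYNAMIC:
            # Walk the (d_tag, d_val) pairs up to DT_NULL looking for eager binding.
            for off in range(p_offset, p_offset + p_filesz - 15, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    # Without BIND_NOW the PLT part of the GOT stays writable for lazy binding.
    level = "full" if relro and bind_now else "partial" if relro else "none"
    # Heuristic: ET_DYN plus an interpreter is a PIE executable, not a plain library.
    pie = "yes" if e_type == ET_DYN and interp else "no"
    return level, pie


if __name__ == "__main__":
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as fh:
                print(path, *check_elf(fh.read()))
        except (OSError, ValueError, struct.error) as exc:
            print(path, "skipped:", exc)
```

Run it with one or more binary paths as arguments; each line of output gives the path followed by the RELRO level and the PIE result.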

Comment 3 Karel Zak 2012-09-06 13:37:22 UTC
And note that logger(1) only write()s to the network socket. It does not parse any input from the network.

Comment 4 Steve Grubb 2012-09-06 13:42:07 UTC
It may be true that it only writes, but before that it has to do a DNS lookup and parse the results. You have to consider the DNS server to be malicious. While this is done by an underlying library, there is exposure. If you don't want to harden logger, we can skip it for now.

Comment 5 Fedora Update System 2012-09-17 22:00:48 UTC
util-linux-2.22-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
