Bug 853164 - setuid program should have full RELRO
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: util-linux
Version: 18
Priority: high
Severity: unspecified
Assigned To: Karel Zak
QA Contact: Fedora Extras Quality Assurance
Blocks: 853068
Reported: 2012-08-30 12:03 EDT by Steve Grubb
Modified: 2012-09-17 18:00 EDT
Doc Type: Bug Fix
Last Closed: 2012-09-11 14:52:51 EDT
Type: Bug
Description Steve Grubb 2012-08-30 12:03:03 EDT
Description of problem:
Setuid/gid programs should have full RELRO support enabled for extra protection. Also, network-facing programs should have PIE flags enabled for new ASLR each run.


FILE                                                TYPE        RELRO    PIE 
/usr/bin/chfn                                       setuid      partial  yes 
/usr/bin/chsh                                       setuid      partial  yes
/usr/bin/logger                                     network-ip  partial  no  
/usr/bin/mount                                      setuid      partial  yes 
/usr/bin/umount                                     setuid      partial  yes 
/usr/bin/write                                      setgid      partial  yes

You can use this program for testing:
http://people.redhat.com/sgrubb/files/rpm-chksec
Comment 1 Fedora Update System 2012-09-06 08:08:26 EDT
util-linux-2.22-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/util-linux-2.22-1.fc18
Comment 2 Karel Zak 2012-09-06 08:24:17 EDT
(In reply to comment #0)
> FILE                                                TYPE        RELRO    PIE 
> /usr/bin/logger                                     network-ip  partial  no

I don't see a reason to think of logger(1) as a security-sensitive program. It just writes to syslog (and yes, you can connect() to a remote server). IMHO it is overkill to PIE all programs like logger(1).

The spec file has been fixed, and BIND_NOW and GNU_RELRO are used for all suid programs (!= logger) in util-linux now. Thanks for the report.
Comment 3 Karel Zak 2012-09-06 09:37:22 EDT
And note that logger(1) only write()s to the network socket. It does not parse any input from the network.
Comment 4 Steve Grubb 2012-09-06 09:42:07 EDT
It may be true that it only writes, but before that it has to do a DNS lookup and parse the results. You have to consider the DNS server to be malicious. While this is done by an underlying library, there is exposure. If you don't want to harden logger, we can skip it for now.
Comment 5 Fedora Update System 2012-09-17 18:00:48 EDT
util-linux-2.22-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
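
Added example (not part of the original report, and not the rpm-chksec script): one way to derive the RELRO and PIE columns of the table in the description directly from the ELF headers. A PT_GNU_RELRO segment alone is reported as partial RELRO; PT_GNU_RELRO plus BIND_NOW, the two settings comment 2 mentions, is reported as full. The names check_elf and sample_elf are hypothetical, the sample images are constructed, only 64-bit little-endian ELF is handled, and the PIE test (ET_DYN with an interpreter or the DF_1_PIE flag) is a heuristic.

```python
import struct

PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000
ET_EXEC, ET_DYN = 2, 3

def check_elf(data):
    """Return (relro, pie) strings for a 64-bit little-endian ELF image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    phentsize, phnum = struct.unpack_from("<HH", data, 54)
    relro = bind_now = interp = pie_flag = False
    for i in range(phnum):
        p_type, _, p_off, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * phentsize)
        if p_type == PT_GNU_RELRO:      # produced by linking with -z relro
            relro = True
        elif p_type == PT_INTERP:       # dynamic loader path is present
            interp = True
        elif p_type == PT_DYNAMIC:      # walk the Elf64_Dyn array
            for off in range(p_off, p_off + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == 0:            # DT_NULL terminates the array
                    break
                bind_now |= (tag == DT_BIND_NOW
                             or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                             or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
                pie_flag |= tag == DT_FLAGS_1 and bool(val & DF_1_PIE)
    relro_s = "full" if relro and bind_now else "partial" if relro else "no"
    pie_s = "yes" if e_type == ET_DYN and (interp or pie_flag) else "no"
    return relro_s, pie_s

def sample_elf(e_type, dyn_tags):
    """Constructed image: ELF header, three program headers, dynamic array."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_tags + [(0, 0)])
    ehdr = struct.pack("<6s10xHHIQQQIHHHHHH", b"\x7fELF\x02\x01", e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, 3, 0, 0, 0)
    def ph(p_type, off=0, size=0):
        return struct.pack("<IIQQQQQQ", p_type, 4, off, 0, 0, size, size, 8)
    return ehdr + ph(PT_INTERP) + ph(PT_GNU_RELRO) + ph(PT_DYNAMIC, 64 + 3 * 56, len(dyn)) + dyn

if __name__ == "__main__":
    for name, img in [("relro only, ET_DYN", sample_elf(ET_DYN, [])),
                      ("relro + DF_BIND_NOW, ET_DYN", sample_elf(ET_DYN, [(DT_FLAGS, DF_BIND_NOW)])),
                      ("relro + DT_BIND_NOW, ET_EXEC", sample_elf(ET_EXEC, [(DT_BIND_NOW, 0)]))]:
        print(name, check_elf(img))
```

To check an installed binary, pass its contents instead of a constructed image, for example check_elf(open("/usr/bin/mount", "rb").read()).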