Finke Lamein reported that tuned's ktune service, which calls pmqos-static.py when the latency-performance profile is selected, would create its PID file with insecure permissions (0666). A local user could use this flaw to kill arbitrary running processes when the ktune service is stopped. NOTE: the latency-performance profile is not a default, and requires root privileges to enable ("tuned-adm profile latency-performance"). As well, ktune is not enabled by default.
This is fixed upstream in the 1.x branch: http://git.fedorahosted.org/cgit/tuned.git/patch/?id=c89ad2149ce0425ff790e9c44f5b682e1eee4edc This does not affect 2.2.x, so Fedora 18 is not affected by this issue, however it does affect Fedora 17 (tuned/utils/daemon.py: _daemonize_fork()).
Created tuned tracking bugs for this issue Affects: fedora-17 [bug 918233]
Acknowledgements: Red Hat would like to thank Finke Lamein for reporting this issue.
(In reply to comment #3) > Created tuned tracking bugs for this issue > > Affects: fedora-17 [bug 918233] fedora-17 doesn't seem to be affected, only tuned < 2.X is affected and in fedora-17 updates there is already: tuned-2.0.1-7.fc17
(In reply to comment #5) > (In reply to comment #3) > > Created tuned tracking bugs for this issue > > > > Affects: fedora-17 [bug 918233] > > fedora-17 doesn't seem to be affected, only tuned < 2.X is affected and in > fedora-17 updates there is already: > tuned-2.0.1-7.fc17 tuned-2.0.1-7.fc17 is not affected by the pmqos-static.pid issue, but there is similar issue described in bug 845336.
Do we need another CVE? Fedora 17 is affected by security bug 845336.
(In reply to comment #6) > (In reply to comment #5) > > (In reply to comment #3) > > > Created tuned tracking bugs for this issue > > > > > > Affects: fedora-17 [bug 918233] > > > > fedora-17 doesn't seem to be affected, only tuned < 2.X is affected and in > > fedora-17 updates there is already: > > tuned-2.0.1-7.fc17 > > tuned-2.0.1-7.fc17 is not affected by the pmqos-static.pid issue, but there > is similar issue described in bug 845336. Did you miss this? (In reply to comment #1) > This is fixed upstream in the 1.x branch: > > http://git.fedorahosted.org/cgit/tuned.git/patch/ > ?id=c89ad2149ce0425ff790e9c44f5b682e1eee4edc > > This does not affect 2.2.x, so Fedora 18 is not affected by this issue, > however it does affect Fedora 17 (tuned/utils/daemon.py: _daemonize_fork()). It's affected, but the code is different.
(In reply to comment #7) > Do we need another CVE? Fedora 17 is affected by security bug 845336. That should have had its own CVE to begin with. I'll sort this out later today and get one assigned.
(In reply to comment #8) > > This does not affect 2.2.x, so Fedora 18 is not affected by this issue, > > however it does affect Fedora 17 (tuned/utils/daemon.py: _daemonize_fork()). > > It's affected, but the code is different. I still haven't got it, please see the analysis in bug 918233 comment 6.