Re: capget() overflows buffers.

From: Chris Wright
Date: Sat May 24 2008 - 04:11:17 EST


* Andrew G. Morgan (morgan@xxxxxxxxxx) wrote:
> Your concern is for the situation when the garbage happens to correspond
> to an apparently meaningful setting for the upper capability bits? The
> problem being that this privileged application is more privileged than
> intended? I agree that this is not ideal.

Yep, exactly.

> In practice, however, this is only a real problem if named (or a
> similarly structured program) has a security related bug in it. No?

It's dropped privileges to help mitigate any security related bug it
may contain. It's conceivable (albeit remote[1]) that fork/exec plus
inheritable could leak privs w/out a security related bug.

> Is this your concern, or have I missed something?

That's it.

thanks,
-chris

[1] Get lucky combo in the garbage bits and have not shed uid 0.
Much less likely.