List: oss-security
Subject: Re: [oss-security] CVE request: kernel: missing capabilities in fs_mask
From: Eugene Teo <eugene () redhat ! com>
Date: 2009-04-25 9:22:47
Message-ID: 49F2D667.7050005 () redhat ! com
Hi Steve,

Steven M. Christey wrote:
> On Thu, 23 Apr 2009, Eugene Teo wrote:
>
>> "When POSIX capabilities were introduced during the 2.1 Linux cycle, the
>> fs mask, which represents the capabilities which having fsuid==0 is
>> supposed to grant, did not include CAP_MKNOD and CAP_LINUX_IMMUTABLE.
>> However, before capabilities the privilege to call these did in fact
>> depend upon fsuid==0.
>
> How is this different than CVE-2009-1072? That CVE is based on the same
> bug report by Igor Zhbanov, although the description doesn't mention
> CAP_LINUX_IMMUTABLE.

Hmm. CVE-2009-1072 refers to the missing CAP_MKNOD capability in
CAP_NFSD_MASK, and this bug refers to the missing CAP_MKNOD and
CAP_LINUX_IMMUTABLE capabilities in CAP_FS_MASK. Come to think about it,
both are similar, and it probably makes sense to have it be part of
CVE-2009-1072 too?

Thanks, Eugene
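
The C model below is an added example, not part of the original message and not kernel code. It shows which filesystem-related capabilities stay in the effective set after fsuid leaves 0 when the fs mask omits CAP_MKNOD and CAP_LINUX_IMMUTABLE. The mask contents, the simplified transition rule, and the names `model_setfsuid`, `residual_fs_caps`, `FS_MASK_OLD` and `FS_MASK_FIXED` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>. */
enum { CAP_CHOWN = 0, CAP_DAC_OVERRIDE = 1, CAP_DAC_READ_SEARCH = 2,
       CAP_FOWNER = 3, CAP_FSETID = 4, CAP_LINUX_IMMUTABLE = 9,
       CAP_MKNOD = 27 };
#define BIT(c) (UINT32_C(1) << (c))

/* Assumed mask contents (low 32 capability bits only). The old mask
 * lacks the two capabilities named in the thread. */
#define FS_MASK_OLD   (BIT(CAP_CHOWN) | BIT(CAP_DAC_OVERRIDE) | \
                       BIT(CAP_DAC_READ_SEARCH) | BIT(CAP_FOWNER) | \
                       BIT(CAP_FSETID))
#define FS_MASK_FIXED (FS_MASK_OLD | BIT(CAP_MKNOD) | BIT(CAP_LINUX_IMMUTABLE))

struct task { unsigned fsuid; uint32_t permitted, effective; };

/* Simplified model of the fsuid transition: leaving fsuid 0 clears the
 * fs-mask capabilities from the effective set; returning to fsuid 0
 * restores those that are still in the permitted set. */
static void model_setfsuid(struct task *t, unsigned new_fsuid, uint32_t fs_mask)
{
    if (t->fsuid == 0 && new_fsuid != 0)
        t->effective &= ~fs_mask;
    else if (t->fsuid != 0 && new_fsuid == 0)
        t->effective |= t->permitted & fs_mask;
    t->fsuid = new_fsuid;
}

/* Start as a fully privileged task, switch to fsuid 1000 (constructed
 * value), and return the fs-related capabilities still effective. */
static uint32_t residual_fs_caps(uint32_t fs_mask)
{
    struct task t = { 0, UINT32_MAX, UINT32_MAX };
    model_setfsuid(&t, 1000, fs_mask);
    return t.effective & FS_MASK_FIXED;
}

int main(void)
{
    uint32_t old = residual_fs_caps(FS_MASK_OLD);
    uint32_t fixed = residual_fs_caps(FS_MASK_FIXED);
    printf("old mask:   CAP_MKNOD=%d CAP_LINUX_IMMUTABLE=%d\n",
           !!(old & BIT(CAP_MKNOD)), !!(old & BIT(CAP_LINUX_IMMUTABLE)));
    printf("fixed mask: residual fs caps = 0x%08x\n", (unsigned)fixed);
    return 0;
}
```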