[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps a
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-04-20 4:56:47
Message-ID: 4F90EC8F.9030401 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/19/2012 10:52 PM, Eugene Teo wrote:
> Reported by Steve Grubb, if a process increases permissions using
> fcaps all of the dangerous personality flags which are cleared for
> suid apps should also be cleared. Thus programs given priviledge
> with fcaps will continue to have address space randomization
> enabled even if the parent tried to disable it to make it easier to
> attack.
>
> Upstream commit:
> http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445
>
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=806722
>
> Thanks, Eugene
Please use CVE-2012-2123 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJPkOyPAAoJEBYNRVNeJnmTdeYP/j3mkBDfKmNR6WfS9tIqQN2S
8O60vrzYfOsZ/+qwHlP4JSmy1pyGoE/rj/ADz/ctLmaGKSoE41Oz30mEE3LksKke
uNhIaMCbAGxo+gNT7CADI32vl+Ab2P/NVgVj5GSuJ9ZCHi34qTUSHkATJWM5iNJs
HtsF46VSzVKKsGRWF6AhszGA4v54v76vOesncMG5U6SQ9+aPDnx/t9SvSHb29yvg
WSU2Q3EvVa3YWkR+7FaGs7UYj63PcPWYP0VAjacA/RafY3CMEijwKKB6qvHYEOpM
mCkaTxCEHYwhtf6QBMqmC5EWiaMB4uhxjzUO3/HUPz2YA+dw2d1sMcct49jWzF2B
vGSiFT3LQ1AZQK7Yp517ASYbCEPVNIDqwnpXuDVuJJ/AcHbuyEOEsEbMy3TVo7Xl
sj4XD/yE+iGNwBoTIQyx0/fMMh1K25j/8KEZabzO6w5RciPHULIMawzVaTkciMxg
HtNG67Kt3UHcpKwDQLeGH75vQqQDPfu6o5e5Ix9wnSrbZuMZn8Ub1lmVoP+d5PfK
YdW6flfTo+Z/f57VMgmzzJCfFp/SR+B5j4lskcaeMtysTMp5L0r1/s/0NXpOKz+G
IL7EsqbJvUDGZ6PXmmD/KXEOMaCyUEmzmh92w6H5sTfsOwzl2YjddMM4KMdSGaQC
VdbREbLZLmSW90WOh/JK
=Thfp
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic