'Re: [oss-security] CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps a'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps a
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-04-20 4:56:47
Message-ID: 4F90EC8F.9030401 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/19/2012 10:52 PM, Eugene Teo wrote:
> Reported by Steve Grubb, if a process increases permissions using
> fcaps all of the dangerous personality flags which are cleared for
> suid apps should also be cleared. Thus programs given priviledge
> with fcaps will continue to have address space randomization
> enabled even if the parent tried to disable it to make it easier to
> attack.
> 
> Upstream commit: 
> http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445
>
>  Reference: https://bugzilla.redhat.com/show_bug.cgi?id=806722
> 
> Thanks, Eugene

Please use CVE-2012-2123 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPkOyPAAoJEBYNRVNeJnmTdeYP/j3mkBDfKmNR6WfS9tIqQN2S
8O60vrzYfOsZ/+qwHlP4JSmy1pyGoE/rj/ADz/ctLmaGKSoE41Oz30mEE3LksKke
uNhIaMCbAGxo+gNT7CADI32vl+Ab2P/NVgVj5GSuJ9ZCHi34qTUSHkATJWM5iNJs
HtsF46VSzVKKsGRWF6AhszGA4v54v76vOesncMG5U6SQ9+aPDnx/t9SvSHb29yvg
WSU2Q3EvVa3YWkR+7FaGs7UYj63PcPWYP0VAjacA/RafY3CMEijwKKB6qvHYEOpM
mCkaTxCEHYwhtf6QBMqmC5EWiaMB4uhxjzUO3/HUPz2YA+dw2d1sMcct49jWzF2B
vGSiFT3LQ1AZQK7Yp517ASYbCEPVNIDqwnpXuDVuJJ/AcHbuyEOEsEbMy3TVo7Xl
sj4XD/yE+iGNwBoTIQyx0/fMMh1K25j/8KEZabzO6w5RciPHULIMawzVaTkciMxg
HtNG67Kt3UHcpKwDQLeGH75vQqQDPfu6o5e5Ix9wnSrbZuMZn8Ub1lmVoP+d5PfK
YdW6flfTo+Z/f57VMgmzzJCfFp/SR+B5j4lskcaeMtysTMp5L0r1/s/0NXpOKz+G
IL7EsqbJvUDGZ6PXmmD/KXEOMaCyUEmzmh92w6H5sTfsOwzl2YjddMM4KMdSGaQC
VdbREbLZLmSW90WOh/JK
=Thfp
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic