Re: [VULN 3/4] setuid exec race

To: Sergey Bugaev <bugaevc@gmail.com>, bug-hurd@gnu.org
Cc: debian-hurd@lists.debian.org, ludo@gnu.org, samuel.thibault@gnu.org, jlledom@mailfence.com, guix-devel@gnu.org, jbranso@dismail.de, rbraun@sceen.net
Subject: Re: [VULN 3/4] setuid exec race
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 9 Nov 2021 09:38:58 +1300
Message-id: <[🔎] 7fe8d7b7-9c25-7222-da23-ba295f37046f@treenet.co.nz>
In-reply-to: <20211102163121.415934-4-bugaevc@gmail.com>
References: <[🔎] 20211102163121.415934-1-bugaevc@gmail.com> <20211102163121.415934-4-bugaevc@gmail.com>

On 3/11/21 05:31, Sergey Bugaev wrote:

Short description
=================

When trying to exec a setuid executable, there's a window of time when the
process already has the new privileges, but still refers to the old task and is
accessible through the old process port. This can be exploited to get full root
access to the system.


This has been assigned CVE-2021-43411


Amos

Reply to:

References:
- [VULN 0/4] Hurd vulnerability details
  - From: Sergey Bugaev <bugaevc@gmail.com>

Prev by Date: Re: [VULN 2/4] No read-only mappings
Next by Date: Re: [VULN 4/4] Process auth man-in-the-middle
Previous by thread: Re: [VULN 0/4] Hurd vulnerability details
Next by thread: keyboard not responsive in QEMU Hurd image
Index(es):
- Date
- Thread