Re: glusterfs setuid issue

On Wed, 2015-08-19 at 00:38 +0200, Ben Hutchings wrote:
> I spent some time on this issue without a CVE assigned:
> CVE-2015-XXXX [fuse check return value of setuid]
> 	> - glusterfs 
> 	> NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/18/6
> 	> NOTE: http://review.gluster.org/#/c/10780/
> 	> NOTE: https://github.com/gluster/glusterfs/commit/b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6
> I don't believe this is a security issue at all:
> - The two unchecked setuid() calls are setuid(geteuid()).  This isn't
>   dropping privileges.  If the effective uid is 0 then this sets real
>   and saved uids to 0 as well.  Otherwise it does nothing.
> - It can't fail due to process limits, because if it changes the real
>   uid then we must have an effective uid of 0 and the process limit
>   is ignored.

It is possible for a thread to have some privileges but not
CAP_SYS_RESOURCE or CAP_SYS_ADMIN (which provide exemption from the
process limit). However setuid-root programs always get all
capabilities and I didn't find any calls to capset() in fuse or


Ben Hutchings
Experience is what causes a person to make new mistakes instead of old ones.
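Added example, not from the thread or from glusterfs: a C helper that makes the same setuid(geteuid()) call discussed above but checks its return value and then confirms with getresuid() that real, effective and saved uid actually agree, which is the post-condition a caller of that pattern relies on. The function name and the main() are assumed for illustration.

```c
#define _GNU_SOURCE          /* for getresuid() on glibc/Linux */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed helper name. Performs the same call as the unchecked glusterfs
 * code, setuid(geteuid()), but checks the result and then verifies the
 * post-condition that real, effective and saved uid are all equal to the
 * effective uid. Returns 0 on success, -1 (with errno set) otherwise. */
int set_all_uids_to_euid(void)
{
    uid_t target = geteuid();
    uid_t ruid, euid, suid;

    if (setuid(target) != 0) {
        /* Documented failure modes: EAGAIN when the real uid changes and
         * the target uid is already at RLIMIT_NPROC without
         * CAP_SYS_RESOURCE; EPERM when the caller lacks CAP_SETUID and
         * target matches neither the real nor the saved uid. */
        int saved = errno;
        fprintf(stderr, "setuid(%u): %s\n", (unsigned)target, strerror(saved));
        errno = saved;
        return -1;
    }
    if (getresuid(&ruid, &euid, &suid) != 0)
        return -1;
    if (ruid != target || euid != target || suid != target) {
        /* The call succeeded but did not produce the state the caller
         * relies on: the unprivileged path only sets the effective uid. */
        errno = EINVAL;
        return -1;
    }
    return 0;
}

int main(void)
{
    if (set_all_uids_to_euid() != 0)
        return 1;
    printf("real/effective/saved uid now all %u\n", (unsigned)geteuid());
    return 0;
}
```

Run as an ordinary user the call is the no-op the message describes and the check passes; the check only reports a problem when the three ids do not end up equal.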

