Re: glusterfs setuid issue

To: Ben Hutchings <ben@decadent.org.uk>
Cc: Debian security team <team@security.debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: glusterfs setuid issue
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 28 Aug 2015 06:59:59 +0200
Message-id: <[🔎] 87zj1c80ts.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 1439937498.1922.11.camel@decadent.org.uk> (Ben Hutchings's message of "Wed, 19 Aug 2015 00:38:18 +0200")
References: <[🔎] 1439937498.1922.11.camel@decadent.org.uk>

* Ben Hutchings:

> - Since Linux 3.1 setuid() never fails because of the process limit.
>   Thus wheezy and jessie should be unaffected, even if there's some
>   flaw in the first two points.

I think with user namespace support at least, setuid can allocate
memory, which can fail.  But it's of course more difficult to exploit.

Reply to:

References:
- glusterfs setuid issue
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: squeeze update of libtorrent-rasterbar?
Next by Date: testing php5 for Squeeze LTS
Previous by thread: Re: glusterfs setuid issue
Next by thread: Unsupported packages for Wheezy LTS
Index(es):
- Date
- Thread