On Wed, 2015-08-19 at 00:38 +0200, Ben Hutchings wrote: > I spent some time on this issue without a CVE assigned: > > CVE-2015-XXXX [fuse check return value of setuid] > > - glusterfs > > NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/18/6 > > NOTE: http://review.gluster.org/#/c/10780/ > > NOTE: https://github.com/gluster/glusterfs/commit/b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6 > > I don't believe this is a security issue at all: > > - The two unchecked setuid() calls are setuid(geteuid()). This isn't > dropping privileges. If the effective uid is 0 then this sets real > and saved uids to 0 as well. Otherwise it does nothing. > - It can't fail due to process limits, because if it changes the real > uid then we must have all effective uid of 0 and the process limit > is ignored. [...] It is possible for a thread to have some privileges but not CAP_SYS_RESOURCE or CAP_SYS_ADMIN (which provide exemption from the process limit). However setuid-root programs always get all capabilities and I didn't find any calls to capset() in fuse or glusterfs. Ben. -- Ben Hutchings Experience is what causes a person to make new mistakes instead of old ones.
Attachment:
signature.asc
Description: This is a digitally signed message part