Re: [SECURITY] please unblock beast 0.6.6-8
On Tue, Mar 20, 2007 at 11:42:14PM -0700, Russ Allbery wrote:
> Steve Langasek <vorlon@debian.org> writes:
> > Can you explain how this is exploitable? In CVE-2006-2916, the
> > description is "allows local users to gain root privileges by causing
> > setuid to fail". um... how is an unprivileged local user going to cause
> > setuid() to fail?
> By exceeding a resource limit for the target UID to which root is trying
> to setuid. Or by somehow triggering the kernel bug that we're currently
> observing on one of our servers that seems related, which is preventing
> root from successfully doing setuid to nobody.
Heh, ok.
> There were a ton of security-related updates to various packages a while
> back due to various iterations of this problem. (Although as I recall you
> were involved in some of those updates, so maybe I'm stating the obvious
> to someone who knows better and you understand this all better than I do.)
Wow, if I was involved with them, it's completely fallen out of the wetware
cache. :) Perhaps that explains the vague tickle asking whether ulimits
would be an issue here...
Unblocked, then; Sam, I'd still appreciate seeing the error message fixed
since we're updating the package anyway.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: