[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] please unblock beast 0.6.6-8

On Tue, Mar 20, 2007 at 11:42:14PM -0700, Russ Allbery wrote:
> Steve Langasek <vorlon@debian.org> writes:

> > Can you explain how this is exploitable?  In CVE-2006-2916, the
> > description is "allows local users to gain root privileges by causing
> > setuid to fail".  um... how is an unprivileged local user going to cause
> > setuid() to fail?

> By exceeding a resource limit for the target UID to which root is trying
> to setuid.  Or by somehow triggering the kernel bug that we're currently
> observing on one of our servers that seems related, which is preventing
> root from successfully doing setuid to nobody.

Heh, ok.

> There were a ton of security-related updates to various packages a while
> back due to various iterations of this problem.  (Although as I recall you
> were involved in some of those updates, so maybe I'm stating the obvious
> to someone who knows better and you understand this all better than I do.)

Wow, if I was involved with them, it's completely fallen out of the wetware
cache. :)  Perhaps that explains the vague tickle asking whether ulimits
would be an issue here...

Unblocked, then; Sam, I'd still appreciate seeing the error message fixed
since we're updating the package anyway.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
Reply to: