
Re: 398254 is a security bug (SUID permission is 755 instead of 700 during installation)



>>
>> I believe it is a security bug; a non-allowed user could use fuse.
>> Do not raise the priority, because it will only allow a user to do something mad on his own account, and the race window is tiny.
>
> Except /dev/fuse already has the right permissions per udev rules, so
> fusermount is actually useless for users not in the fuse group.

The problem is more subtle: during installation fusermount is SUID,
owned by root and executable by others. Therefore permissions on
/dev/fuse are not checked. After the postinst runs, fusermount will not be
executable by others. But there exists a window between the copy and the
postinst rule when fusermount could be used by everybody.

Bastien

PS: BTW it is bug 502300
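
Added example, not part of the original message or of the package's own code: a check a maintainer could run over a package payload tar to list files that are unpacked set-id and executable by "other", which is the state that lasts until a postinst tightens the mode. The archive contents (paths, modes, the `helper-ok` and `plain` entries) are constructed for illustration.

```python
import io
import stat
import tarfile


def build_sample_tar():
    """Constructed sample standing in for a package's payload archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in [
            ("usr/bin/fusermount", 0o4755),  # SUID root, executable by other
            ("usr/bin/helper-ok", 0o4750),   # SUID, but no execute bit for other
            ("usr/bin/plain", 0o755),        # world-executable, not set-id
        ]:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.uid = info.gid = 0
            info.uname = info.gname = "root"
            tar.addfile(info)  # size 0: only the header metadata matters here
    buf.seek(0)
    return buf


def exposed_setid_members(fileobj):
    """Return (name, mode) for regular files that are set-id AND o+x as shipped.

    These are the files any local user can run with elevated privileges
    between unpack and the point where a maintainer script fixes the mode.
    """
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            setid = member.mode & (stat.S_ISUID | stat.S_ISGID)
            if setid and member.mode & stat.S_IXOTH:
                findings.append((member.name, oct(member.mode & 0o7777)))
    return findings


if __name__ == "__main__":
    for name, mode in exposed_setid_members(build_sample_tar()):
        print(f"{name}: shipped as {mode}, usable by any user until postinst runs")
```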

