On Feb 9, 2017, at 2:03 PM, Leonard den Ottolander <leonard@xxxxxxxxxxxxxxxxx> wrote: > > On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: >> Escalation *requires* attacking a program in a security context other >> than your own. > > Not necessarily. Suppose the adversary is aware of a root > exploit/privilege escalation in a random library. There are two serious problems with this argument: 1. Give me a scenario where this attacker can execute *only* pkcheck in order to exploit this hypothetical library’s flaw, but where the attacker cannot simply provide their own binary to do the same exploit. Short of something insane like exposing pkcheck via CGI over HTTP, I don’t see how a flaw in pkcheck gives you something here that you don’t already have. A vulnerable library is a vulnerable library. Fix the library, don’t invent reasons to fix all the other programs on the system because the library is vulnerable. 2. There’s no such thing as SUID libraries. So, how is this hypothetical library of yours going to gain privileges that the executable linked to it does not have? Point me at a CVE where a vulnerable library was used for privilege escalation. You can point at vulnerable libraries giving data exfiltration and such all day long, but privilege escalation?? _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: Serious attack vector on pkcheck ignored by Red Hat
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Warren Young <warren@xxxxxxxxxxx>
- Date: Thu, 9 Feb 2017 14:22:28 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <1486674227.5127.39.camel@quad>
- References: <1486045336.5163.6.camel@quad> <bf79662d-62a9-fd7d-bc4d-c96340029f74@hogranch.com> <1486047065.5163.8.camel@quad> <e767e804-f9d6-a45b-5299-7f56579fdb9a@gmail.com> <1486049754.5163.22.camel@quad> <04628b0c-98bd-d3f9-ca84-6adbcd8d5c1c@gmail.com> <1486064784.12088.31.camel@quad> <4a8f0e53-c5b2-61fd-b6cb-21e97f713b7c@gmail.com> <1486067854.12088.47.camel@quad> <c034e273-2c7b-1709-242c-c162f4967a13@gmail.com> <1486674227.5127.39.camel@quad>
- Follow-Ups:
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- References:
- Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: John R Pierce
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Serious attack vector on pkcheck ignored by Red Hat
- Prev by Date: Re: Serious attack vector on pkcheck ignored by Red Hat
- Next by Date: Re: mach64 driver, latest update in CentOS 6.8, symbol lookup error - workaround
- Previous by thread: Re: Serious attack vector on pkcheck ignored by Red Hat
- Next by thread: Re: Serious attack vector on pkcheck ignored by Red Hat
- Index(es):
 |