On 11/1/18 5:08 PM, Cătălin George Feștilă wrote: > Good to know. > I don't know all about of these problems (setuid and protect with > SELinux - can de an good idea ). > I used F28, I think also is not fixed with F29. > $ ls -l /usr/libexec/Xorg.wrap > -rwsr-xr-x. 1 root root 11376 Apr 23 2018 /usr/libexec/Xorg.wrap > SELinux can block the exploit if the "unconfined" module is disabled. I'm writing blog about it. When it will be ready, I add link also to this thread. Thanks, Lukas. > > On Thu, Nov 1, 2018 at 5:44 PM Chris Adams <linux@xxxxxxxxxxx > <mailto:linux@xxxxxxxxxxx>> wrote: > > Once upon a time, Cătălin George Feștilă <catalinfest@xxxxxxxxx > <mailto:catalinfest@xxxxxxxxx>> said: > > Thank you! > > > > On Thu, Nov 1, 2018 at 4:38 PM Reindl Harald > <h.reindl@xxxxxxxxxxxxx <mailto:h.reindl@xxxxxxxxxxxxx>> wrote: > > > > > > > > > > > Am 01.11.18 um 15:33 schrieb Cătălin George Feștilă: > > > > > https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html > > > > > > https://fedoraproject.org/wiki/Features/RemoveSETUID > > > Targeted release: Fedora 15 > > > > > > ls -la /usr/bin/Xorg > > > -rwxr-xr-x 1 root root 273 2018-04-23 20:16 /usr/bin/Xorg > > That means nothing... that's just a shell script that calls: > > $ ls -l /usr/libexec/Xorg.wrap > -rwsr-xr-x. 1 root root 11376 Apr 12 2018 /usr/libexec/Xorg.wrap > > which is where the problem lies. I think SELinux should help (because > it should stop writes to lots of things), but I haven't seen a bug or > statement from Fedora about vulnerability. > > -- > Chris Adams <linux@xxxxxxxxxxx <mailto:linux@xxxxxxxxxxx>> > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > <mailto:devel@xxxxxxxxxxxxxxxxxxxxxxx> > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > <mailto:devel-leave@xxxxxxxxxxxxxxxxxxxxxxx> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > > > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
