Re: CVE-2021-4034: why is pkexec still a thing?

On Mo, 31.01.22 18:32, Sam Varshavchik (mrsam@xxxxxxxxxxxxxxx) wrote:

> Lennart Poettering writes:
>
> > See the discussion around seccomp and NNP. i.e. a new kernel facility
> > was added precisely to ensure that seccomp cannot be used to run code
> > that is intended to be run privileged – under security policies in
> > control by an unprivileged user. i.e. if you can take certain privs
> > away from code that expects to have them you might be able to trigger
> > vulnerable codepaths that the developer didn't expect you to be able
> > to trigger.
> >
> > But anyway, don't focus so much on cgroups here. There are plenty
> > other props these days that sudo doesn't clean up. consider this for
>
> Ok, so where's the track record of potential security exploits, in similar
> kinds of tools, that: 1) leverage any of the resources that you mentioned,
> and 2) but were mitigated, and became ordinary bugs, thanks to the
> vulnerable code being an isolated daemon process, with a clean
> environment.

I already described a vulnerability to you. And the vulnerabilities in
sudo from not cleaning up env vars are pretty well documented, too, no?
And they are the same kind: not cleaned up context.

The thing is that most security researchers are probably more
interested in root escalation issues than in local DoS. That doesn't
mean local DoS was OK, it just means that people are out for other
trophies, and the vuln I explained is a DoS one. Hence it's not
surprising the vuln doesn't have a fancy website or name or so, but
nevertheless it makes our platform weaker.

Lennart

--
Lennart Poettering, Berlin
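
The context named in this thread (seccomp state, the no_new_privs flag, cgroup membership, environment variables) is carried from a caller into whatever it executes, and all of it can be read back from /proc. The sketch below is an added example, not part of the original message or of any project discussed; the function names and the sample data are constructed for illustration.

```python
# Added example: report the execution context a process inherited from its
# caller, limited to the properties named in the thread. Helper names and
# SAMPLE_* inputs are constructed, not taken from sudo, polkit or systemd.
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

# Constructed sample data in the format of /proc/<pid>/{status,cgroup,environ}
SAMPLE_STATUS = "Name:\tsh\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t1\nSeccomp:\t2\n"
SAMPLE_CGROUP = "0::/user.slice/user-1000.slice/session-3.scope\n"
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LANG=C\0"


def parse_status(text):
    """Parse 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def inherited_context(status_text, cgroup_text, environ_bytes):
    """Summarise the context that was set by the caller, not by this process."""
    status = parse_status(status_text)
    # Each cgroup line is 'hierarchy-id:controllers:path' (v2: '0::/path').
    cgroups = [line.split(":", 2)[2]
               for line in cgroup_text.splitlines() if line.count(":") >= 2]
    # environ is NUL-separated 'NAME=value'; report names only, never values.
    env_names = sorted(item.split(b"=", 1)[0].decode("utf-8", "replace")
                       for item in environ_bytes.split(b"\0") if b"=" in item)
    return {
        "no_new_privs": status.get("NoNewPrivs") == "1",
        "seccomp": SECCOMP_MODES.get(status.get("Seccomp"), "unknown"),
        "cgroups": cgroups,
        "env_names": env_names,
    }


if __name__ == "__main__":
    # Live run against the current process (Linux only).
    with open("/proc/self/status") as s, open("/proc/self/cgroup") as c, \
            open("/proc/self/environ", "rb") as e:
        print(inherited_context(s.read(), c.read(), e.read()))
```
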