On Fri, Jan 04, 2008 at 05:53:58PM +0100, Manuel Reimer wrote:
>
> It would be pretty helpful, if someone could give me some comments
> about this one:
>
> <http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e>
>
> I don't request an exploit, but it would be nice to know if this is
> a critical one, which has to be patched. As there seems to be no new

That's CVE-2007-5191. It wasn't evaluated as a critical security bug.
I think it already has been fixed in all major distributions.

> version of util-linux, maybe there is no need to patch immediately,

There is a 2.13.0.1 release, see the announcement:

http://marc.info/?l=util-linux-ng&m=119304720010975&w=2

> but maybe I'm wrong. Could someone please answer the following with
> Yes or No:
>
> - Is it really possible to confuse the code, just because of the
> wrong order of setgid and setuid?

I think more important is that the original code doesn't check the
return value of set{u,g}id().

> - If someone manages to keep root privileges at this point, then he
> would be able to call the helper with root privileges and so, for
> example, overmount /sbin with any NFS server, he wants, right?

It's not so simple, you need a relevant entry in /etc/fstab, because
mount(8) always checks your privileges before an exec(/sbin/mount.<type>).

    Karel

--
Karel Zak <kzak@xxxxxxxxxx>
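The two points raised in the thread (call order and unchecked set{u,g}id() return values) shown as an added C example; it is not part of the original message and is not the util-linux code. The function names `drop_privs_checked` and `run_helper_unprivileged` are hypothetical.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe shape discussed in the thread (kept as a comment only):
 *     setuid(getuid());   // uid first: the later setgid() runs unprivileged
 *     setgid(getgid());   // results ignored: a failed drop goes unnoticed
 */

/* Returns 0 only if the process now runs as the invoking user and group. */
int drop_privs_checked(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) < 0)              /* group first, while still privileged */
        return -1;
    if (setuid(ruid) < 0)              /* then user; this call can fail */
        return -1;
    if (getegid() != rgid || geteuid() != ruid)
        return -1;                     /* confirm the ids really changed */
    if (ruid != 0 && setuid(0) == 0)
        return -1;                     /* root must not be recoverable */
    return 0;
}

/* Fork, drop privileges in the child, then exec the helper.
 * Returns the helper's exit status, or -1 if it could not be waited for. */
int run_helper_unprivileged(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privs_checked() < 0)
            _exit(126);                /* refuse to exec with leftover privileges */
        execv(path, argv);
        _exit(127);                    /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The child exits before `execv()` whenever the drop cannot be confirmed, so a helper never inherits privileges from a silently failed `setuid()`.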