Bugtraq mailing list archives

Re: local root on linux 2.2.15


From: wp () ELZABSOFT PL (Wojciech Purczynski)
Date: Mon, 12 Jun 2000 15:06:18 +0200


On Thu, 8 Jun 2000, Philip Guenther wrote:

> Question: given this bug, is it now the community expectation that every
> program that setuids from 0 to non-zero should check for the presence of
> this kernel bug?

Procmail is _not_ affected by the saved UID bug because it doesn't try to drop
privileges and then regain them by switching back to UID 0.

However, Procmail is buggy because it tries to drop privileges using the
setreuid system call, which fails with EPERM. Procmail ignores that and
continues running with privileges it shouldn't have.

> The sendmail people have enhanced sendmail in just such a fashion and
> I'm wondering whether I, as current maintainer of procmail, should do
> so to procmail.  Are we going to see new versions of perl, screen,
> xterm, nxterm, and rxvt (all of which are setuid root on the Linux
> system in front of me) that contain code to detect this?  I suspect so,
> and I'll add the requisite code to procmail for the next version.

IMHO, all those setuid-root programs should be fixed if they ignore return
values of system calls.

-wp

+--------------------------------------------------------------------+
| Wojciech Purczynski   wp () elzabsoft pl  http://www.elzabsoft.pl/~wp |
| GSM: +48604432981   Linux Administrator   SMS: wp-sms () elzabsoft pl |
+------ Public GnuPG Key:  http://www.elzabsoft.pl/~wp/gpg.asc ------+
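
An added example, not part of the original message and not code from procmail or sendmail: one way a setuid-root program can drop privileges so that both points raised in the thread are covered, checking every return value and then confirming that root cannot be regained. The names `drop_privileges` and `ids_pinned` and the UID/GID 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE   /* glibc: declares setgroups() and seteuid() */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the real and effective IDs all equal the targets. */
int ids_pinned(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Permanently switch to uid/gid. Returns 0 only if every call succeeded
 * AND the result was verified; on -1 the caller must stop, not carry on. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root may change supplementary groups; do it while still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) {
        perror("setgroups");
        return -1;
    }
    /* Group first: after setuid() the right to change it is gone. */
    if (setgid(gid) != 0) { perror("setgid"); return -1; }
    if (setuid(uid) != 0) { perror("setuid"); return -1; }

    /* A zero return is not proof: confirm the IDs really changed. */
    if (!ids_pinned(uid, gid))
        return -1;
    /* A leftover saved UID of 0 would let these succeed; both must fail. */
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0)) {
        fprintf(stderr, "root privileges can still be regained\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 65534 is a constructed value ("nobody" on many Linux systems). */
    if (drop_privileges(65534, 65534) != 0) {
        fprintf(stderr, "refusing to continue with unexpected privileges\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Run as an unprivileged user, `main` exits with an error because the switch to 65534 is refused, which is the behaviour the message says procmail lacked when `setreuid` returned EPERM.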

