oss-sec mailing list archives
Re: CVE request: kernel: a collection of world-writable debugfs bugs
From: Vasiliy Kulikov <segoon () openwall com>
Date: Mon, 21 Mar 2011 12:21:26 +0300
On Sun, Mar 20, 2011 at 15:45 -0400, Dan Rosenberg wrote:
I don't mean to create unnecessary work, but have you actually confirmed that exposing each of these files as world-writable actually allows a user to cross privilege boundaries?
First 19 bugs allow anybody to interact with hardware on low level - write to hw registers, load firmware, etc. I'm not sure about ubifs debugfs files - they allow anybody to dump some fs related information via printk(KERN_DEBUG, ...); maybe it is just a bit more precise statistics than statvfs(2) without any disclosure, but I cannot understand it without understanding UBIFS internals. Also this may be not a bug in default distro setups as KERN_DEBUG messages are not usually logged into world-readable log files. Thanks, -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments
Current thread:
- CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo (Feb 22)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers (Feb 22)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo (Feb 22)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Feb 23)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers (Feb 23)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Mar 20)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Dan Rosenberg (Mar 20)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Mar 21)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo (Feb 22)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers (Feb 22)