oss-sec mailing list archives
Re: Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation
From: Yves-Alexis Perez <corsac () debian org>
Date: Fri, 26 Aug 2011 11:07:20 +0200
On ven., 2011-08-26 at 10:58 +0200, Yves-Alexis Perez wrote:
However I didnt dig deep enough into it to write an exploit as I dont have a working lightdm setup. The correct behavior is to temporarily drop euid/fsuid to that of the user if doing anything with his files.Yeah, I'm currently cooking patches doing that, though they'll need review before apply.
Would something like: diff --git a/src/dmrc.c b/src/dmrc.c index bff1da8..9f38faf 100644 --- a/src/dmrc.c +++ b/src/dmrc.c @@ -80,11 +80,25 @@ dmrc_save (GKeyFile *dmrc_file, const gchar *username) /* Update the users .dmrc */ if (user) { + /* write the file as the user itself */ + pid_t pid; + pid = fork(); + + if (pid == 0) + { + if (setuid (user_get_uid(user)) < 0) + { + g_warning("Error changing uid for %s: %s", username, g_strerror(errno)); + _exit(EXIT_FAILURE); + } path = g_build_filename (user_get_home_directory (user), ".dmrc", NULL); g_file_set_contents (path, data, length, NULL); - if (getuid () == 0 && chown (path, user_get_uid (user), user_get_gid (user)) < 0) - g_warning ("Error setting ownership on %s: %s", path, strerror (errno)); g_free (path); + _exit(EXIT_SUCCESS); + + } + if (pid > 0) + wait(NULL); } /* Update the .dmrc cache */ do the job (untested, it's more like a RFC right now). Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 25)
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Sebastian Krahmer (Aug 26)
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)
- Re: Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer (Aug 26)
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 29)
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer (Sep 05)
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Sebastian Krahmer (Aug 26)