oss-sec mailing list archives
Re: radvd 1.8.2 released with security fixes
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Fri, 14 Oct 2011 10:15:59 +0530
On 10/14/2011 12:21 AM, Solar Designer wrote:
I am an outside observer here (I haven't reviewed the code myself), but doesn't the above amount to admin-configured privilege separation not actually being enabled? If so, this sounds like a security issue to me.
I don't think so. From the code I have read so far, here is what seems to happen.

- radvd starts as root
- reads the configs
- if a username is specified (user=radvd in most cases):
  - if "--singleprocess" is not specified:
    - run privsep_init(): this forks another process which runs as root. So after this point we have two processes, both running as root. If privsep_init() fails, we have just one process running as root.
  - run drop_root_privileges(): if this succeeds, we have two processes, one running as root and another as the radvd user, or, if privsep_init() failed earlier, we have one process running as the radvd user. If this fails, the application quits.
- if a username was not specified, radvd continues to run as a single process as root.
So failure in privsep_init() results in just one process running as radvd user. If it did not fail it would result in one process running as root and another as radvd user.
I don't think this would be a security issue, in my opinion.

-- Huzaifa Sidhpurwala / Red Hat Security Response Team
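The startup sequence described in the message, as an added example that is not radvd's own code (the function names privsep_init and drop_root_privileges are reused from the message for readability; the socketpair request protocol, the REQ_WHOAMI request and the helper_euid() check are assumptions made here). It shows the two outcomes the message lists: with the fork succeeding, a root helper plus an unprivileged main process; with the fork failing, a single process that still drops root or quits. The one thing added beyond the description is a verification step after the drop: the process checks that it really cannot regain uid 0, which is the check a reviewer wants before accepting that a configured user= actually took effect.

```c
/* privsep_demo.c: added example, not radvd source. Build: cc -o privsep_demo privsep_demo.c
   Run as root with a real account: ./privsep_demo radvd [--singleprocess] */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed request type: the helper replies with its own effective uid, so the
   unprivileged side can confirm which process still holds root. */
#define REQ_WHOAMI 1

static int privsep_fd = -1;   /* our end of the socketpair to the helper */

/* Helper loop, run in the forked child. The child keeps whatever privileges
   the parent had at fork time (root when started by init); it never drops. */
static void helper_loop(int fd) {
    unsigned char req;
    while (read(fd, &req, 1) == 1) {
        if (req != REQ_WHOAMI)
            break;                       /* unknown request: refuse, do not guess */
        uid_t me = geteuid();
        if (write(fd, &me, sizeof me) != sizeof me)
            break;
    }
    _exit(0);                            /* peer closed: helper goes away */
}

/* Fork the privileged helper. Returns 0 on success (privsep_fd is set) or -1
   on failure, in which case the caller carries on as a single process. */
int privsep_init(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); helper_loop(sv[1]); }
    close(sv[1]);
    privsep_fd = sv[0];
    return 0;
}

/* Permanently drop to uid/gid. Order matters: supplementary groups and gid
   first, because once the uid is no longer 0 they can't be changed. Returns 0
   on success, -1 on failure; a caller that gets -1 must quit, not carry on. */
int drop_root_privileges(uid_t uid, gid_t gid) {
    /* Only root may reset supplementary groups; an already unprivileged
       process has nothing to shed here. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Prove the drop stuck: if uid 0 can be regained, nothing was dropped. */
    if (uid != 0 && (geteuid() == 0 || setuid(0) == 0))
        return -1;
    return 0;
}

/* Ask the helper for its effective uid. Returns (uid_t)-1 if there is no
   helper (privsep_init() failed or --singleprocess) or on I/O error. */
uid_t helper_euid(void) {
    unsigned char req = REQ_WHOAMI;
    uid_t who;
    if (privsep_fd < 0 || write(privsep_fd, &req, 1) != 1)
        return (uid_t)-1;
    if (read(privsep_fd, &who, sizeof who) != sizeof who)
        return (uid_t)-1;
    return who;
}

int main(int argc, char **argv) {
    const char *user = argc > 1 ? argv[1] : NULL;   /* stands in for user= in the config */
    int singleprocess = argc > 2 && strcmp(argv[2], "--singleprocess") == 0;

    if (user) {
        struct passwd *pw = getpwnam(user);
        if (!pw) { fprintf(stderr, "no such user: %s\n", user); return 1; }
        if (!singleprocess && privsep_init() != 0)
            fprintf(stderr, "privsep_init() failed: continuing as one process, still dropping root\n");
        if (drop_root_privileges(pw->pw_uid, pw->pw_gid) != 0) {
            fprintf(stderr, "drop_root_privileges() failed: %s, quitting\n", strerror(errno));
            return 1;
        }
    }
    /* No user= configured: we are still whatever we were started as. */
    printf("main process euid=%u, helper euid=%ld\n",
           (unsigned)geteuid(), (long)helper_euid());
    return 0;
}
```

The helper's reply of euid 0 next to the main process's non-zero euid is the observable evidence that privilege separation is in effect; a reply of -1 with a non-zero main euid is the single-process-but-unprivileged case the message describes for a failed privsep_init().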