oss-sec mailing list archives

Re: radvd 1.8.2 released with security fixes


From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Fri, 14 Oct 2011 10:15:59 +0530

On 10/14/2011 12:21 AM, Solar Designer wrote:
> I am an outside observer here (I haven't reviewed the code myself), but
> doesn't the above amount to admin-configured privilege separation not
> actually being enabled?  If so, this sounds like a security issue to me.


I don't think so. From the code I have read so far, here is what seems to happen.

- radvd starts as root
- reads the configs
- if a username is specified (user=radvd in most cases):
        - if "--singleprocess" is not specified:
                - run privsep_init(): This forks another process which
                  runs as root. So after this point we have two
                  processes both running as root
                - If privsep_init() fails, we have just one process
                  running as root
        - run drop_root_privileges():
                If this succeeds, we have two processes one running as
                root and another as radvd user, or if privsep_init()
                failed earlier, we have one process running as radvd
                user.
                If this fails, application quits
- If username was not specified radvd continues to run as a single process as root.


So failure in privsep_init() results in just one process running as radvd user. If it did not fail it would result in one process running as root and another as radvd user.

I don't think this would be a security issue in my opinion.




--
Huzaifa Sidhpurwala / Red Hat Security Response Team
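
An added example, not part of the original message and not radvd's own code: a shell function that reports which of the outcomes listed in the message a host is in, given `USER COMMAND` process lines. The command name `radvd`, the default account name `radvd`, the state labels and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: map a process listing to the radvd startup outcomes
# described in the message above.
# Assumptions: the daemon's command name is "radvd" and the configured
# unprivileged account is "radvd" unless another name is passed as $1.

# stdin: "USER COMMAND" lines, e.g. from: ps -e -o user= -o comm=
classify_radvd() {
    awk -v unpriv="${1:-radvd}" '
        $2 == "radvd" {
            if ($1 == "root")        root++
            else if ($1 == unpriv)   dropped++
            else                     other++
        }
        END {
            if (root + dropped + other == 0)      print "not-running"
            else if (other > 0)                   print "unexpected-user"
            else if (root == 1 && dropped == 1)   print "privsep-active"
            else if (root == 0 && dropped == 1)   print "single-unprivileged"
            else if (root == 1 && dropped == 0)   print "single-root"
            else if (root == 2 && dropped == 0)   print "both-root-before-drop"
            else                                  print "unexpected-count"
        }'
}

# Constructed sample listings (not captured from a real host).
printf 'root radvd\nradvd radvd\nroot sshd\n' | classify_radvd   # privsep-active
printf 'radvd radvd\nroot sshd\n'             | classify_radvd   # single-unprivileged
printf 'root radvd\n'                         | classify_radvd   # single-root
```

A process listing alone cannot tell a failed privsep_init() apart from a deliberate "--singleprocess" run; both appear as `single-unprivileged`.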

