oss-sec mailing list archives
Re: ecryptfs headsup
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 10 Jul 2012 08:07:28 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/10/2012 05:33 AM, Sebastian Krahmer wrote:
Hi, We made a hardening patch for ecryptfs utils. It is finally ready, using sysconf(_SC_NGROUPS_MAX) :) I dont know whether a CVE is needed, maybe if you already ship it suid root (we do not). It can be found here: https://bugzilla.novell.com/show_bug.cgi?id=740110 Sebastian
Well what is the security vulnerability / trust boundary that can be broken using this issue? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP/DcgAAoJEBYNRVNeJnmT3R8P/0cRjsBbmwVeMwKUbwzZPUrB qIZcQEtx+VfQo/pWasY+DudbszVlg7ZKEkOkORMGPeiCYWofElWG3YFM0vzPQALA gBLCXOUYzGqZ9ZF754hizqSYOhPa9aQHV0yB/NPlYGhl1MZSjQx6/brsYs1EDOZU Kn3bslL3vgp3mzhoDjTKyiLjndaVlFagQVlmcgXlm6YtzkFFkqCTdOU1IU0vElAO hgeWzqNXH1ykEDxY6cZCpog+t28VhpbPG87qA2C2ErgZdfTulCaip4LsfP5B5fGY nW0Z1vfFRn+2b3iR7YZBmcVbzgO2FUEBhKTRgKWyhDZ4Lee298CKm47dxXDt/T0Q PB5Q1a9oJKCcitApyYKqK5f3kZ82uPJJt2jorVRN41ppBIGLbKQurGlYZUXb62Xc Lyv4rxL+4/ejJXi6XQCTrHzzJf35Y9JSFsvO0bqXR/xwHtumWs44p6SDW34xtp5y Vif1wrYqUUAzKEZkN7w8kzQA3Sz6hXOBiadqcNf7qkaGQ/0HlIfGB3abo7/OlJVB 2Jf+HH5bM+5oiXA5fKwqq07dNUj9sGptOmuZVhfFsOE1H46WCKqhBGBgsanU94x9 W/3IUyq4wEAH3lJQypXh65kZoJGc+5CDeypQ2eo9/RI1jmrjxIR5GeN/WVcPRJtY MByzHCJ43wPYEVl25/eV =7ydb -----END PGP SIGNATURE-----
Current thread:
- ecryptfs headsup Sebastian Krahmer (Jul 10)
- Re: ecryptfs headsup Kurt Seifried (Jul 10)
- Re: ecryptfs headsup Sebastian Krahmer (Jul 10)
- Re: ecryptfs headsup Marcus Meissner (Jul 10)
- Re: ecryptfs headsup Dan Rosenberg (Jul 10)
- Re: ecryptfs headsup Tyler Hicks (Jul 10)
- Re: ecryptfs headsup Tyler Hicks (Jul 10)
- Re: ecryptfs headsup Dustin Kirkland (Jul 11)
- Re: ecryptfs headsup Kurt Seifried (Jul 11)
- Re: Re: ecryptfs headsup Tyler Hicks (Jul 11)
- Re: Re: ecryptfs headsup Kurt Seifried (Jul 11)
- Re: Re: ecryptfs headsup Tyler Hicks (Jul 11)
- Re: ecryptfs headsup Sebastian Krahmer (Jul 10)
- Re: ecryptfs headsup Kurt Seifried (Jul 10)