oss-sec mailing list archives
Re: Re: CVE Request for glusterfs: fuse check return value of setuid
From: Seth Arnold <seth.arnold () canonical com>
Date: Fri, 4 Sep 2015 19:08:18 -0700
On Fri, Sep 04, 2015 at 08:42:10PM -0400, cve-assign () mitre org wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1254488
> http://review.gluster.org/#/c/10780/
> https://github.com/gluster/glusterfs/commit/b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6

> - the only goal in calling setuid is to execute /bin/mount (or /bin/umount) from a process with both an effective UID of 0 and a real UID of 0. This is a requirement of the util-linux mount program. See the "if we're really root and aren't running setuid" comment in mount.c. Otherwise, for the types of mount usage in question, mount would print "mount: only root can do that" and exit.

This is an excellent analysis but does it hinge upon the util-linux "aren't running suid" behaviour in mount? Does it matter that the busybox mount, for example, doesn't appear to have this same requirement? I don't see any corresponding code in:
http://sources.debian.net/src/busybox/1:1.22.0-15/util-linux/mount.c/

I'm certainly no busybox expert but nothing looks like a corresponding uid == 0 && euid == 0 check. The call to sanitize_env_if_suid() even suggests setuid execution is expected and anticipated.

Thanks
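Added example (not part of the original message, and not glusterfs, util-linux or busybox code): a caller that checks the return value of setuid and confirms for itself that the real and effective UID are both 0 before it would exec a mount helper, so the outcome does not depend on which mount implementation is installed. All type and function names are hypothetical, and the stub functions are constructed stand-ins for the kernel's answers so the failure paths run without privileges.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names throughout; this is an illustration, not project code. */
enum prep_result { PREP_OK, PREP_SETUID_FAILED, PREP_NOT_REALLY_ROOT };

/* Indirection so each failure path can be exercised without being root. */
struct id_ops {
    int   (*set_uid)(uid_t);
    uid_t (*get_ruid)(void);
    uid_t (*get_euid)(void);
};

/* The condition the thread discusses: real UID 0 and effective UID 0. */
static int really_root(uid_t ruid, uid_t euid) { return ruid == 0 && euid == 0; }

/* Run before exec'ing the mount helper; any result but PREP_OK means "do not exec". */
static enum prep_result prepare_ids(const struct id_ops *ops)
{
    if (ops->set_uid(0) != 0) {        /* the return value that must be checked */
        perror("setuid(0)");
        return PREP_SETUID_FAILED;
    }
    /* Example's design choice: verify here instead of relying on the helper to refuse. */
    if (!really_root(ops->get_ruid(), ops->get_euid()))
        return PREP_NOT_REALLY_ROOT;
    return PREP_OK;
}

/* Constructed stubs. */
static int   setuid_eagain(uid_t u) { (void)u; errno = EAGAIN; return -1; }
static int   setuid_ok(uid_t u)     { (void)u; return 0; }
static uid_t uid_zero(void)         { return 0; }
static uid_t uid_user(void)         { return 1000; }

int main(void)
{
    const struct id_ops cases[] = {
        { setuid_eagain, uid_user, uid_zero },  /* setuid fails */
        { setuid_ok,     uid_user, uid_zero },  /* returns 0 but real UID is not 0 */
        { setuid_ok,     uid_zero, uid_zero },  /* real and effective UID both 0 */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("case %zu -> %d\n", i, (int)prepare_ids(&cases[i]));
    return 0;
}
```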