bug-inetutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Missing calls and unchecked return values of initgroups()

From: Jeffrey
Subject: Missing calls and unchecked return values of initgroups()
Date: Sun, 7 Jan 2024 14:01:11 +0100
Several initgroups() return values are not checked in inetutils programs. Others simply do not call initgroups() while relinquishing privileges.

I found the following occurences of these issues:

* inetd, uucpd, rshd, ftpd: missing return value check
* tftpd: missing call

This concern was raised by Alexander Peslyak on the oss-security mailing list:

https://www.openwall.com/lists/oss-security/2023/12/30/2

This is indeed a security issue as these programs may not drop supplementary groups ownerships and a potential arbitrary code execution in subsequent
code could lead to privilege escalation. POSIX have a rule related to this:

https://wiki.sei.cmu.edu/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges

I am attaching a patch to both add the missing initgroups() return value checks and calls where needed for inetd, uucpd, rshd, ftpd and tftpd.

Regards,

--
Jeffrey BENCTEUX

Attachment: 0001-inetd-uucpd-rshd-ftpd-tftpd-fix-check-initgroups-ret.patch
Description: Binary data

reply via email to
[Prev in Thread] Current Thread [Next in Thread]