[Plash] Re: Plash 1.16 - possible security hole
From: Richard Thrippleton
Subject: [Plash] Re: Plash 1.16 - possible security hole
Date: Tue, 2 Jan 2007 04:18:50 +0000
User-agent: Mutt/1.5.13 (2006-08-11)
On Fri Dec 29 12:02, Mark Seaborn wrote:
> Richard Thrippleton <address@hidden> wrote:
>
> This was fixed in version 1.17. Specifically, in SVN revision 253.
> Plash now refuses to set the setuid/setgid bits on the sandboxed
> program's behalf. Looks like I missed this change when updating the
> changelog from the SVN log; I'll add it in now.
Good, glad it got spotted :-).
In related news, I think there's possibly another bug relating to hostile local
users + compromised sandboxed applications. It relates to hardlinks, and has
been verified in 1.17.
The hostile local user creates a hardlink in /tmp pointing to ~victim/.bashrc .
The victim's confined application, though it has little access to files in ~,
can compromise ~/.bashrc via the hardlink. It's reasonable that a confined
application can read/write tmp, and that a hostile local user can hardlink to
the victim's .bashrc; homedirs without world-search permission are rare.
Can you confirm?
Richard
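The check a sandbox could apply before letting a confined program write a file in a shared directory like /tmp is to refuse any inode that is reachable by more than one name: a planted hard link shows up as st_nlink > 1 on the target. The following is an added example written for this thread, not code from Plash or from either poster; the function names and the constructed "victim home" and "shared tmp" directories are assumptions. It builds the scenario Richard describes, then shows that the link-count check refuses the planted name while an ordinary file in the same directory is still writable.

```python
import os
import stat
import tempfile


def is_safe_to_write(path):
    """Return True only if `path` is absent or a regular file with one link.

    A link count above 1 means the same inode is reachable from another
    name, which is exactly the situation when someone has hard-linked a
    file from a protected directory into a writable one. Hypothetical
    helper, not Plash's own code.
    """
    try:
        st = os.lstat(path)          # lstat: never follow a symlink here
    except FileNotFoundError:
        return True                  # creating a fresh file is fine
    if not stat.S_ISREG(st.st_mode):
        return False                 # symlink, directory, device: refuse
    return st.st_nlink == 1


def safe_open_for_write(path):
    """Open `path` for writing only if is_safe_to_write() allows it.

    O_NOFOLLOW closes the symlink race between the check and the open; the
    link count is re-checked on the opened descriptor so a hard link
    created after lstat() is caught as well.
    """
    if not is_safe_to_write(path):
        raise PermissionError(f"refusing to write {path}: extra links or not a regular file")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise PermissionError(f"refusing to write {path}: link count changed after check")
    return os.fdopen(fd, "w")


def demo():
    """Constructed scenario: a victim's home file and a shared tmp directory.

    Returns a dict saying which writes were refused and whether the
    victim's file survived untouched.
    """
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home")
        tmp = os.path.join(root, "tmp")
        os.mkdir(home)
        os.mkdir(tmp)
        bashrc = os.path.join(home, ".bashrc")
        original = "# victim's shell startup (constructed sample)\n"
        with open(bashrc, "w") as f:
            f.write(original)

        # The planted hard link: a second name for the victim's inode inside tmp.
        planted = os.path.join(tmp, "scratch")
        os.link(bashrc, planted)
        ordinary = os.path.join(tmp, "notes.txt")

        result = {}
        try:
            with safe_open_for_write(planted) as f:
                f.write("x")
            result["planted"] = "written"
        except PermissionError:
            result["planted"] = "refused"

        with safe_open_for_write(ordinary) as f:
            f.write("ok")
        result["ordinary"] = "written"

        with open(bashrc) as f:
            result["bashrc_intact"] = (f.read() == original)
        return result


if __name__ == "__main__":
    print(demo())
```

Two caveats on the design. Refusing every multiply-linked file is a blunt rule and will reject legitimate hard links in the writable directory, so a sandbox would normally log the refusal rather than fail silently. At the kernel level, Linux 3.6 and later also offer the sysctl fs.protected_hardlinks=1, which stops an unprivileged user from hard-linking to a file they do not own or cannot write; that removes the planting step itself rather than detecting it afterwards.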