Re: [screen-devel] screen review
From: Miroslav Lichvar
Subject: Re: [screen-devel] screen review
Date: Mon, 17 Jan 2011 14:42:22 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

On Sat, Jan 15, 2011 at 10:15:22AM -0800, Sadrul Habib Chowdhury wrote:
> On Thu, Jan 13, 2011 at 8:59 AM, Miroslav Lichvar <address@hidden> wrote:
> > attached are some patches for issues found in a screen review, please
> > consider for inclusion.
> >
> Hi! Thanks for the patches. Perhaps you could briefly explain what each
> patch does (e.g. what bugs they fix etc.)?

I'm not sure if there are any real bugs fixed by the patches, I just
received a list of issues from people working on the Common Criteria
Certification. I think the patches do what is considered a good
practice in security.

patch 1: not checking return code from setgid/setuid can lead to
vulnerabilities, see CVE-2006-2607

patch 5: tty should be checked if it's not a hardlink and it starts with
/dev, in login.c from util-linux-ng there are comments:

/* In case login is suid it was possible to use a hardlink as stdin
and exploit races for a local root exploit. (Wojciech Purczynski). */
/* More precisely, the problem is ttyn := ttyname(0); ...; chown(ttyn);
here ttyname() might return "/tmp/x", a hardlink to a pseudotty. */
/* All of this is a problem only when login is suid, which it isnt. */

patches 3, 4, 6 probably fix warnings from a static code analyzer.

Not sure about patch 2 (setting PAM_TTY item).

Thanks,
--
Miroslav Lichvar
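
Added example, not part of the original message and not the code of the screen patches or of util-linux-ng: C code illustrating the two practices named above for patch 1 (checked setgid/setuid) and patch 5 (tty name under /dev and not a hard link). The helper names `tty_stat_ok`, `tty_path_ok` and `drop_privs` are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: metadata checks on an lstat() result.
 * A tty must be a character device with exactly one link. */
int tty_stat_ok(const struct stat *st)
{
    if (!S_ISCHR(st->st_mode))
        return 0;               /* regular file, symlink, directory, ... */
    if (st->st_nlink != 1)
        return 0;               /* extra hard link, e.g. "/tmp/x" -> pty */
    return 1;
}

/* Hypothetical helper: 1 if the name returned by ttyname() is acceptable. */
int tty_path_ok(const char *path)
{
    struct stat st;
    if (path == NULL || strncmp(path, "/dev/", 5) != 0)
        return 0;               /* must live under /dev */
    if (strstr(path, "/../") != NULL)
        return 0;               /* no climbing back out of /dev */
    if (lstat(path, &st) != 0)  /* lstat(): do not follow a symlink */
        return 0;
    return tty_stat_ok(&st);
}

/* Hypothetical helper: drop to uid/gid, checking every return code.
 * Group first, because after setuid() the process may no longer be
 * allowed to change its gid. Returns 0 on success, -1 on failure. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;              /* caller must abort, not continue */
    if (getegid() != gid || geteuid() != uid)
        return -1;              /* confirm the drop took effect */
    return 0;
}

int main(void)
{
    const char *tty = ttyname(0);
    printf("%s: %s\n", tty ? tty : "(no tty)",
           tty_path_ok(tty) ? "accepted" : "rejected");
    return drop_privs(getuid(), getgid()) == 0 ? 0 : 1;
}
```

A setuid program would call `tty_path_ok()` on the `ttyname()` result before any `chown()`/`chmod()` of that path, and would exit if `drop_privs()` returns -1.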