Summary: | net-analyzer/smokeping: root privilege escalation via race condition in init script | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | jer, nic, treecleaner, vapier, zerochaos |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/24415 | ||
Whiteboard: | B1 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Orlitzky
2016-12-14 15:47:14 UTC
@ Maintainers(s): Please tell us how you want to proceed here. Should security take action or will you look into this? This is now public. Please take action (if you cannot fix but still care about package, drop restore function from runscript at least) or let treecleaners last rite. Hello- If I'm not mistaken, passing "--no-dereference" to chown should mitigate this finding. Thank you (In reply to nic from comment #3) > Hello- > If I'm not mistaken, passing "--no-dereference" to chown should mitigate > this finding. > The same trick works with hard links, and --no-dereference doesn't help with that. I think the "restore" process really just needs to run as smokeping:smokeping and not as root. (I am assuming that the "chown root:0" line does nothing important.) Appreciate your insights. From a user perspective, I'd support removal this function if a solution is not forthcoming. I suspect not many folks have a need to run this often, as I've only needed to do so when migrating rrd between arches. Maybe consider adding doco as einfo statements or into the wiki? "sudo -u smokeping rrdtool restore foo.xml foo.rrd" Thank you commit 2310b0cd4914c79b2e8f3cb424259bb6e635a195 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-09-18 21:16:58 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-18 21:16:58 +0000 net-analyzer/smokeping: treeclean Bug: https://bugs.gentoo.org/631140 Signed-off-by: John Helmert III <ajak@gentoo.org> net-analyzer/smokeping/Manifest | 1 - net-analyzer/smokeping/files/79_smokeping.conf | 15 --- net-analyzer/smokeping/files/smokeping.conf | 1 - net-analyzer/smokeping/files/smokeping.init.5 | 56 --------- net-analyzer/smokeping/files/smokeping.service | 10 -- net-analyzer/smokeping/metadata.xml | 12 -- net-analyzer/smokeping/smokeping-2.7.3-r1.ebuild | 143 ----------------------- profiles/package.mask | 5 - 8 files changed, 243 deletions(-) GLSA request filed, CVE pending The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=2570332a2b988e5bec8319e9b7bcfceb39048f5d commit 2570332a2b988e5bec8319e9b7bcfceb39048f5d Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-09-25 13:55:57 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-25 13:55:57 +0000 [ GLSA 202209-08 ] fix bug reference typo Bug: https://bugs.gentoo.org/602652 Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-08.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) GLSA released, all done! |