Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 55698 - sys-kernel/rsbac-*: RSBAC jailed users can create suid sgid files
Summary: sys-kernel/rsbac-*: RSBAC jailed users can create suid sgid files
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Whiteboard: B3 [kernel]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-30 10:49 UTC by Chris White (RETIRED)
Modified: 2011-10-30 22:42 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
RSBAC JAIL module patch (rsbac-bugfix-v1.2.3-3.diff,557 bytes, patch)
2004-06-30 10:53 UTC, Chris White (RETIRED) 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris White (RETIRED) gentoo-dev 2004-06-30 10:49:44 UTC 
The JAIL module in RSBAC has been discovered to have a flaw in its checking to see if files should be created by a user.

Because of this flaw, a program created by a user could create suid and sguid files using sys_creat, sys_open, and sys_mknod.

A patch was created to address this issue.  Bug was reported by Brad Sprengler.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Chris White (RETIRED) gentoo-dev 2004-06-30 10:53:01 UTC 
Created attachment 34504 [details, diff]
RSBAC JAIL module patch
Comment 2 Guillaume Destuynder (RETIRED) gentoo-dev 2004-06-30 13:50:00 UTC 
rsbac-sources and rsbac-dev-sources both include v1.2.3-3 fix for JAIL bugs as of today.
Comment 3 Guillaume Destuynder (RETIRED) gentoo-dev 2004-06-30 14:02:18 UTC 
erroneously resolved the bug too early.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-07-01 02:27:34 UTC 
Which packages are affected by this ? Only rsbac-sources and rsbac-dev-sources ?
Comment 5 Guillaume Destuynder (RETIRED) gentoo-dev 2004-07-01 03:30:25 UTC 
yes
rsbac-sources and rsbac-dev-sources;

both are masked in ~x86 and there never was a stable ebuild yet (its too young) so no GLSA is normally needed.
Comment 6 Tim Yamin (RETIRED) gentoo-dev 2004-07-03 16:05:48 UTC 
GLSA 200407-02; http://article.gmane.org/gmane.linux.gentoo.announce/382; closing as FIXED.