Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 124239

Summary: net-misc/dhcpcd: <=2.0.1 leak file descriptors
Product: Gentoo Security Reporter: Roy Marples (RETIRED) <uberlord>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: blubb, flameeyes, halcy0n, killerfox, spb
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2? [noglsa] DerCorny
Package list:
Runtime testing required: ---

Description Roy Marples (RETIRED) gentoo-dev 2006-02-27 02:50:33 UTC 
In dhcpcd-2.0.1 and ealier the raw and UDP sockets were inherited by the dhcpcd.exe script and its children. If the children changed uid away from root, they would inherit otherwise unavailable rights to access these sockets.

Found and fixed by Simon Kelly (simon@thekelleys.org.uk)

dhcpcd-2.0.2 (now in portage) contains the fix.
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-27 03:30:07 UTC 
is there a reason why this is assigned to component "auditing" or did that happen by accident? Can I call the arch security liaisons to mark this one stable?
Comment 2 Roy Marples (RETIRED) gentoo-dev 2006-02-27 03:34:45 UTC 
Oppps, didn't must have been a mistake putting it under auditing!

dhcpcd-2.0.2 is ready to go stable imo
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-27 04:43:35 UTC 
ok then, sec liaisons (sp?) please test and mark stable, thank you.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2006-02-27 05:09:22 UTC 
stable on ppc64
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2006-02-27 09:00:58 UTC 
ppc stable
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2006-02-27 09:50:24 UTC 
sparc stable.
Comment 7 Simon Stelling (RETIRED) gentoo-dev 2006-02-27 10:23:22 UTC 
amd64 stable
Comment 8 Stephen Bennett (RETIRED) gentoo-dev 2006-02-27 10:39:50 UTC 
Alpha done.
Comment 9 Mark Loeser (RETIRED) gentoo-dev 2006-02-27 11:25:17 UTC 
x86 done
Comment 10 René Nussbaumer (RETIRED) gentoo-dev 2006-02-27 12:35:01 UTC 
hppa stable
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2006-03-04 08:20:37 UTC 
uberlord: can we send the GLSA and open this bug ? Also please give more details about the impact (for GLSA drafters).
Comment 12 Roy Marples (RETIRED) gentoo-dev 2006-03-09 07:36:38 UTC 
Sorry about the late response, dhcpcd-2.0.2 has introduced a slight bug that appears to only affect a small subset of people which we think we've now fixed on bug #124543

Anyway, the issue is that dhcpcd can call a script when any dhcp relation action has occurred, so the system can do other tasks such as start or stop services. Now, these services can drop to other users, such as apache, which would not normally have access to the resources left by the fd's which were leaked to the script.

By default, Gentoo does not install any script for dhcpcd to use so this would have very minimal impact.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2006-03-09 09:45:38 UTC 
We should call a vote. Looks like minimal impact to me : it's more an unintended side-effect with potential security consequences than something exploitable, so I tend to vote no...
Comment 14 Tavis Ormandy (RETIRED) gentoo-dev 2006-03-09 10:00:01 UTC 
sounds like minimal impact, also vote NO
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2006-03-11 03:23:03 UTC 
Closing without GLSA and opening bug, feel free to reopen if you think this needs a GLSA (practical exploit path).