sys-cluster/swift installs its config files as root:root, but places them in a directory owned by the "swift" user:
$ ls -al /etc/swift/
drwxr-xr-x 2 swift swift 4.0K 2017-08-31 08:58 .
drwxr-xr-x 97 root root 12K 2017-08-31 09:02 ..
-rw-r--r-- 1 root root 9.3K 2017-08-31 08:58 account-server.conf
So while the "swift" user can't write directly to those files, he can simply replace them. This can be most likely be exploited to gain root (I'm not 100% sure, because I have no idea what swift does). For example, the "swift" user
bind_port = 80
user = root
in account-server.conf and, at the very least, cause a weird denial of service.
If an attacker gains control of the "swift" user via a remote exploit, then that same trick can be used to start the daemons as root next time, making it a remote root exploit. In other words, the benefits of running as an unprivileged user are negated.
fixed in 2017.2.9999 and 2.15.1-r1 (which is set to go stable with the rest of pike in about a month).
so... let me know next steps
fixed by changing the owner to root:swift and fperms 0750 on /etc/swift
2.15.1-r1 is now stable
(In reply to Matthew Thode ( prometheanfire ) from comment #3)
> 2.15.1-r1 is now stable
Thanks Matthew, could you please verify if the tree is clean of vulnerable versions?
@Security please add to an existing glsa or file a new one.
Gentoo Security Padawan
yep, cleaned up and stable
(In reply to Matthew Thode ( prometheanfire ) from comment #5)
> yep, cleaned up and stable
Maintainer(s), please drop the vulnerable version(s).
| | u |
| a a p s a n r | n |
| l m h i p p r m m i i s | e u s | r
| p d a p a p c a x m i 6 o s 3 | a s l | e
| h 6 r p 6 p 6 r 8 6 p 8 s c 9 s | p e o | p
| a 4 m a 4 c 4 c 6 4 s k 2 v 0 h | i d t | o
2.10.2-r1 | o + o o o o o o + ~ o o o o o o | 5 # 0 | gentoo
2.13.1-r1 | o + o o o o o o + ~ o o o o o o | 6 # | gentoo
2.15.1-r1 | o + o o o o o o + ~ o o o o o o | 6 o | gento
the r1's are not vulnerable, the same fix was made to all released versions.
GLSA Vote: No