[SECURITY] linux-user-chroot 2013.1

From: Colin Walters <walters verbum org>
To: gnome-announce-list gnome org
Subject: [SECURITY] linux-user-chroot 2013.1
Date: Sun, 24 Feb 2013 11:08:38 -0500

A new version of linux-user-chroot is now available:

http://git.gnome.org/browse/linux-user-chroot/tag/?id=v2013.1
http://ftp.acc.umu.se/pub/GNOME/sources/linux-user-chroot/2013.1

Here's the shortlog:

Colin Walters (6):
      Use MS_MOVE of / rather than chroot()
      Only MS_MOVE the root to / if the root isn't already /
      build: use AC_SYS_LARGEFILE
      [SECURITY] Invoke chdir() after we've switched uid, not before
      [SECURITY] Use fsuid to lookup bind mount paths and chroot target
      Release 2013.1

The most important parts, as you might imagine, are tagged [SECURITY].
The severity of the flaw is mainly that the user can easily access
otherwise inaccessible directories if the subdirectory is mode 0755.

On my RHEL6 system for example, /root/.virsh can be viewed, where
ordinarily it couldn't.

This flaw is greatly mitigated by the fact that security-conscious
programs such as OpenSSH ensure ~/.ssh is mode 0700.

Thanks to Marc Deslauriers and Ryan Lortie for reporting this issue
and reviewing patches.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]