On Thu, 2015-08-27 at 21:47 +0200, Moritz Muehlenhoff wrote:
> On Thu, Aug 27, 2015 at 07:47:08PM +0200, Patrick Matthäi wrote:
> > On 20.08.2015 at 11:39, Debian Bug Tracking System wrote:
> > > Processing commands for cont...@bugs.debian.org:
> > > 
> > > > severity 796023 normal
> > > Bug #796023 [src:glusterfs] Missing return check for setuid calls
> > > Severity set to 'normal' from 'grave'
> > > > thanks
> > > Stopping processing here.
> > > 
> > > Please contact me if you need assistance.
> > > 
> > 
> > Hi,
> > 
> > what is the reason that it is now severity normal rather than 
> > grave?
> 
> It turned out to be non-exploitable, I don't remember where Ben (CCed) posted
> his analysis, though. Can you please add it to the bug log?

1. The two unchecked setuid() calls are setuid(geteuid()).  In a setuid-
   root program this will never drop privileges.  If the process has
   CAP_SETUID then this sets the real and saved uids the same as the
   effective uid; otherwise it does nothing.
2. Since Linux 3.1 setuid() never fails because of the process limit,
   anyway.
3. Even with an earlier kernel version, the setuid() call is unlikely
   to fail due to process limits, since a setuid-root program gets the
   CAP_SYS_RESOURCE capability and these setuid() calls don't drop that.
4. This code appears to be used in fusermount-glusterfs, but that isn't
   included in the packages for squeeze or wheezy.

Now, it might be that the program was meant to drop privileges and
should be calling getuid() instead of geteuid().  In that case,
checking for errors would be critical, but actually calling the right
function in the first place is even more critical!

Ben.

-- 
Ben Hutchings
Any sufficiently advanced bug is indistinguishable from a feature.
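
The following is an added example, not code from glusterfs or from Ben's message. It makes the analysis above concrete: a small model of Linux setuid(2) semantics (as documented in its man page) shows what setuid(geteuid()) and setuid(getuid()) do to the real, effective and saved uids of a setuid-root process started by uid 1000 (constructed values, since a test harness cannot run a real setuid-root binary), and two live helpers show the unchecked pattern with its return check added next to a privilege drop that verifies the result with getresuid(). Function names are my own; it assumes Linux with glibc.

```c
/* Added example, not code from glusterfs or from Ben's message: shows why
 * setuid(geteuid()) cannot drop privileges while setuid(getuid()) can, and
 * how to check both the return value and the resulting ids.
 * Build: cc -Wall -o setuid_demo setuid_demo.c
 * Run it unprivileged, then again as a setuid-root copy, and compare. */
#define _GNU_SOURCE          /* for getresuid() in <unistd.h> on glibc */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Repeated prototype in case a system header was already included before
 * _GNU_SOURCE took effect; it matches glibc's declaration. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

struct ids { uid_t ruid, euid, suid; };

/* Model of Linux setuid(2) as documented in its man page: with CAP_SETUID all
 * three ids become target; without it only the effective id changes, and only
 * if target already equals the real or saved id. Returns 0, or -1 with EPERM. */
static int model_setuid(struct ids *p, uid_t target, int has_cap_setuid)
{
    if (has_cap_setuid) {
        p->ruid = p->euid = p->suid = target;
        return 0;
    }
    if (target == p->ruid || target == p->suid) {
        p->euid = target;
        return 0;
    }
    errno = EPERM;
    return -1;
}

/* The pattern from the bug report, setuid(geteuid()), with the missing return
 * check added. Returns 1 if the effective uid is the same afterwards (it
 * always is when the call succeeds, so nothing was dropped), -1 on error. */
static int setuid_to_euid_keeps_effective_uid(void)
{
    uid_t before = geteuid();
    if (setuid(before) != 0)
        return -1;
    return geteuid() == before;
}

/* What a privilege drop should look like: move all three ids to the real uid
 * and verify it rather than trusting the return value alone.
 * Returns 0 on success, -1 with errno set on failure. */
static int drop_privileges_permanently(void)
{
    uid_t real = getuid();
    struct ids now;

    if (setuid(real) != 0)
        return -1;
    if (getresuid(&now.ruid, &now.euid, &now.suid) != 0)
        return -1;
    if (now.ruid != real || now.euid != real || now.suid != real) {
        errno = EPERM;          /* kernel said yes but the ids are not what we want */
        return -1;
    }
    return 0;
}

static void print_ids(const char *label, const struct ids *p)
{
    printf("%-24s ruid=%lu euid=%lu suid=%lu\n", label,
           (unsigned long)p->ruid, (unsigned long)p->euid, (unsigned long)p->suid);
}

int main(void)
{
    /* Constructed case: a setuid-root binary started by uid 1000. After exec
     * the process has CAP_SETUID because its effective uid is 0. */
    struct ids a = { 1000, 0, 0 }, b = { 1000, 0, 0 };
    print_ids("setuid-root at start:", &a);
    model_setuid(&a, a.euid, 1);                  /* setuid(geteuid()) */
    print_ids("after setuid(geteuid()):", &a);    /* 0/0/0: now fully root */
    model_setuid(&b, b.ruid, 1);                  /* setuid(getuid()) */
    print_ids("after setuid(getuid()):", &b);     /* 1000/1000/1000: dropped */

    /* The live process, whatever it happens to be running as. */
    struct ids live;
    if (getresuid(&live.ruid, &live.euid, &live.suid) != 0) {
        perror("getresuid");
        return 1;
    }
    print_ids("this process:", &live);
    printf("setuid(geteuid()) kept euid: %d\n", setuid_to_euid_keeps_effective_uid());
    if (drop_privileges_permanently() != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    getresuid(&live.ruid, &live.euid, &live.suid);
    print_ids("after real drop:", &live);
    return 0;
}
```

Note that in the modelled setuid-root case the unchecked call does not merely fail to drop privileges: with CAP_SETUID it copies the effective uid 0 into the real and saved uids, so a return check on it would only ever confirm that the process is now root in all three slots.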
