Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- P

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- P

From:	Kristian Fiskerstrand
Subject:	Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")"
Date:	Fri, 13 Feb 2015 19:57:26 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/13/2015 07:47 PM, Daniel Kahn Gillmor wrote:
> On Fri 2015-02-13 12:28:25 -0500, Kristian Fiskerstrand wrote:
>> The startup-scripts provided by whichever sane distribution
>> should fix this anyways to be a non-issue. From the Gentoo
>> /etc/init.d/sks-db:
>> 
>> start_pre() { checkpath --owner sks:sks --directory \ ${SKS_DIR}
>> ${SKS_DIR}/KDB ${SKS_DIR}/PTree checkpath --owner sks:sks --file
>> \ ${SKS_DIR}/*.log ${SKS_DIR}/KDB/* ${SKS_DIR}/PTree/* }
> 
> I don't know what checkpath is, but i assume it's intended to force
> the ownership to a given user.

init helper that is part of OpenRC (for those of us that can't stand
the systemd philosophy). A copy of the source at [0]
> 
> This suggests that (depending on the kernel version and
> configuration, i guess) the sks process can actually take control
> over arbitrary files in the same filesystem by hardlinking them
> into those locations.
> 
> For example, if someone uses the same filesystem for their entire 
> machine (a common configuration these days) then somoene who has
> taken control of an sks instance can do:
> 
> ln /etc/passwd ${SKS_DIR}/passwd.log
> 
> then at the next service start, /etc/passwd will be owned as
> sks:sks.

Curious attack vector, from a quick glance this would actually work :|
Thanks for pointing that out, will look into how to mitigate that.

Reference:
[0] https://github.com/OpenRC/openrc/blob/master/src/rc/checkpath.c

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"History repeats itself; historians repeat each other"
(Philip Guedalla)
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJU3kkRAAoJEP7VAChXwav6Kv8H/0wP4n/nqNqEZfV9eklw/UDL
wMJrOXuH/N0mjlFOZOYXE6ts/6fKPAxq3NaQjOEr8w6roC+HQGirqEj3foLBVhpi
472CWAh9Q20azE+XGD9/Mzt2oL/W4sr6qKmdP+Ae+p9C73ergUPRF7kNttyUeUge
txR8fNRhRjo+IXuQLdo2DqEVHOFAi/2Y5MninxL5jULZRI+B6UruUq1+ezDv0aBl
kme4vq+/9OvEp5W6WVHDLP5bSukAZdsG8eYTaJxdhh8AMe7FHlxoKwpO2VcqLYyF
YORZm39LDzANemXWSnMvDeQSMACRxf/ylZyTHoqT3kWLJp/U/nrg0UXOdJ0RZLc=
=DG6j
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", David Benfell, 2015/02/11
- Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", Kristian Fiskerstrand, 2015/02/11
  - Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", David Benfell, 2015/02/11
    - Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", Kristian Fiskerstrand, 2015/02/13
    - Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", David Benfell, 2015/02/13
    - Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", Daniel Kahn Gillmor, 2015/02/13
    - Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", Kristian Fiskerstrand, 2015/02/13
    - Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", Daniel Kahn Gillmor, 2015/02/13
    - Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", Kristian Fiskerstrand <=
    - Re: [Sks-devel] recon stops: "2015-02-11 07:09:48 Raising Sys.Break -- PTree may be corrupted: Failure("remove_from_node: attempt to delete non-existant element from prefix tree")", David Benfell, 2015/02/13
    - [Sks-devel] FreeBSD init scripts, Phil Pennock, 2015/02/14
    - Re: [Sks-devel] FreeBSD init scripts, Johan van Selst, 2015/02/14
    - Re: [Sks-devel] FreeBSD init scripts, Phil Pennock, 2015/02/17