[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential security weakness in Guix services
From: |
Maxime Devos |
Subject: |
Re: Potential security weakness in Guix services |
Date: |
Mon, 01 Feb 2021 17:19:45 +0100 |
User-agent: |
Evolution 3.34.2 |
> > I’m not sure I understand the threat model. If Knot has a RCE
> > vulnerability, it can be exploited to run anything on behalf of the
> > ‘knot’ user.
> >
> > At that point, all the state associated with Knot in /var/lib should be
> > considered tainted; new keys should be generated, and so on.
> >
> > Why focus on the permissions on /var/lib/knot?
>
> My understanding is that, in case of an RCE in knot, the attacker can
> replace /var/lib/knot/* with symlinks to arbitrary files in the FS. When
> the activation procedure is run afterwards, the files being linked to
> are chowned to the knot user, and the attacker can access them.
That's exactly what I had in mind! Though I would like to stress that
‘access’ here is both reading and writing.
Maxime.
signature.asc
Description: This is a digitally signed message part
- Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/01
- Re: Potential security weakness in Guix services, Julien Lepiller, 2021/02/01
- Re: Potential security weakness in Guix services,
Maxime Devos <=
- Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/02
- Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/02
- Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/02
- Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/05
- Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/05
- Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/05
- Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/06
- Re: Potential security weakness in Guix services, Maxime Devos, 2021/02/06
- Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/10
- Re: Potential security weakness in Guix services, Ludovic Courtès, 2021/02/06