guix-devel

Re: Potential security weakness in Guix services


From: Ludovic Courtès
Subject: Re: Potential security weakness in Guix services
Date: Tue, 02 Feb 2021 14:07:44 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Hi,

Maxime Devos <maximedevos@telenet.be> skribis:

>> > I’m not sure I understand the threat model.  If Knot has an RCE
>> > vulnerability, it can be exploited to run anything on behalf of the
>> > ‘knot’ user.
>> > 
>> > At that point, all the state associated with Knot in /var/lib should be
>> > considered tainted; new keys should be generated, and so on.
>> > 
>> > Why focus on the permissions on /var/lib/knot?
>> 
>> My understanding is that, in case of an RCE in knot, the attacker can
>> replace /var/lib/knot/* with symlinks to arbitrary files in the FS. When
>> the activation procedure is run afterwards, the files being linked to
>> are chowned to the knot user, and the attacker can access them.
>
> That's exactly what I had in mind!  Though I would like to stress that
> ‘access’ here is both reading and writing.

OK, I see.  Roughly, this symlink chown story would be a local exploit
that the attacker can take advantage of after exploiting the RCE to
potentially get root access.

‘mkdir-p/perms’ could check that the directory is not a symlink, to
begin with.  Is this what you had in mind, Maxime?

Thanks,
Ludo’.


