bug-inetutils

Re: setuid/setgid return values not checked in rlogin, rsh, rshd and uuc


From: Jeffrey
Subject: Re: setuid/setgid return values not checked in rlogin, rsh, rshd and uucpd
Date: Mon, 24 Jul 2023 16:17:48 +0200

Patch attached.

Not sure what should be a headline or not in NEWS (release numbers etc.). Find below a proposal for such an entry:

** ftpd, rcp, rlogin, rsh, rshd, uucpd

*** Avoid potential privilege escalations due to absence of checking set*id() return values.
Reported by Jeffrey Bencteux in <https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html>.

--
Jeffrey BENCTEUX


On Sat, 22 Jul 2023 at 10:36, Simon Josefsson <simon@josefsson.org> wrote:
Jeffrey <jeffbencteux@gmail.com> writes:

> I found more occurrences of unchecked values for set*id() functions in other
> inetutils programs: ftpd, rcp.
>
> It has different security impact if it can be triggered:
>
> * rcp: local privilege escalation to the user running the binary
> * ftpd: undefined behaviour without privilege escalation as all calls are
> to seteuid(0) (gaining root privileges, not dropping it)
>
> I am attaching a consolidated patch to fix these and the previous ones.

Thanks again -- copyright papers have now arrived, and I looked at the
patch, and it seems good.  However the patch does not apply cleanly due
to whitespace and line-wrapping problems, can you re-send the patch as
an attachment instead of inline in your email?  Please also add NEWS
entries (look at earlier entries as templates).

/Simon

Attachment: 0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch
Description: Binary data
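
The checked form of the privilege drop this thread is about, as an added example: it is not the attached patch and not inetutils code, and `drop_privileges` is a hypothetical helper name. It shows the return-value checks plus a verification that the old privileges cannot be regained.

```c
/* Added example, not inetutils code: drop to an unprivileged user and
   treat any set*id() failure as fatal.  drop_privileges() is a
   hypothetical helper name. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Unchecked pattern the thread is about:
 *     setgid (gid);
 *     setuid (uid);     -- on failure the process keeps its old IDs
 * Returns 0 only when the process verifiably runs as uid/gid. */
int
drop_privileges (uid_t uid, gid_t gid)
{
  /* Group first: once the UID is dropped, setgid() is no longer permitted. */
  if (setgid (gid) == -1)
    {
      fprintf (stderr, "setgid(%ld): %s\n", (long) gid, strerror (errno));
      return -1;
    }
  if (setuid (uid) == -1)
    {
      fprintf (stderr, "setuid(%ld): %s\n", (long) uid, strerror (errno));
      return -1;
    }
  /* Confirm the change took effect for both real and effective IDs. */
  if (getuid () != uid || geteuid () != uid
      || getgid () != gid || getegid () != gid)
    return -1;
  /* An unprivileged target must not be able to get root back. */
  if (uid != 0 && setuid (0) != -1)
    return -1;
  return 0;
}

int
main (void)
{
  /* Constructed demo: "drop" to the IDs we already have, which works
     with or without root.  A real daemon would pass the target
     account's pw_uid/pw_gid and exit on failure. */
  if (drop_privileges (getuid (), getgid ()) != 0)
    return 1;
  puts ("privileges dropped");
  return 0;
}
```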

