
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability



On Fri, 17 Aug 2007, Glynn Clements wrote:

> There definitely appears to be potential for DoS against system-wide
> resources.
> 
Only the potential. In most cases that potential will remain unimplemented
since there are only a few setuid binaries in the system, so a real DoS
attack may be either impossible or do too little harm, such as making it
impossible for users to change their passwords or finger information.
Several posters here have already talked about the need to provide a PoC
exploit that works in at least 10% of cases before raising an alarm. The
security implication of this bug is in fact theoretical rather than
practical. Nobody here has yet said that this is not a bug to be fixed. The
original poster just raised a false alarm here. That is what I am talking
about.
        BTW, many setuid root binaries like /bin/su don't even issue
setuid(0) and work under the RUID of the calling user (but they do issue
setuid(<UID of authenticated user>) before executing either a shell or a
program as a child), which in turn means that they can easily be killed in
the usual way.
-- 

    Sincerely yours, Dan.
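
Added example, not part of the original post or of the advisory: the kill(2) permission rule that the last paragraph relies on, applied to the Uid: line of /proc/<pid>/status. The status snippets, the process name "helper" and the UID values are constructed for illustration.

```python
# Added illustration: who may signal a setuid process under the kill(2) rule.
# All sample /proc/<pid>/status text below is constructed, not captured output.
from typing import NamedTuple


class Creds(NamedTuple):
    ruid: int  # real UID
    euid: int  # effective UID
    suid: int  # saved set-user-ID


def parse_uid_line(status_text: str) -> Creds:
    """Read real, effective and saved UID from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            fields = line.split()[1:]  # real, effective, saved, filesystem
            if len(fields) < 3:
                raise ValueError("malformed Uid line: %r" % line)
            return Creds(*(int(f) for f in fields[:3]))
    raise ValueError("no Uid line found")


def may_signal(sender: Creds, target: Creds) -> bool:
    """kill(2) rule for a sender without CAP_KILL: the sender's real or
    effective UID must equal the target's real or saved set-user-ID."""
    return bool({sender.ruid, sender.euid} & {target.ruid, target.suid})


USER = Creds(1000, 1000, 1000)  # constructed invoking user
SAMPLES = {
    # setuid-root binary that never calls setuid(0): RUID stays the caller's
    "keeps_ruid": "Name:\tsu\nUid:\t1000\t0\t0\t0\n",
    # after setuid(0) with EUID 0: real, effective and saved all become 0
    "after_setuid0": "Name:\thelper\nUid:\t0\t0\t0\t0\n",
    # after setuid(1001) by a root process: all three IDs become 1001
    "after_setuid_other": "Name:\thelper\nUid:\t1001\t1001\t1001\t1001\n",
}


def report() -> dict:
    """Map each sample to whether USER passes the signal permission check."""
    return {k: may_signal(USER, parse_uid_line(v)) for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, allowed in report().items():
        print(f"{name}: invoking user may signal = {allowed}")
```
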