[Pkg-uml-pkgs] Bug#399579: user-mode-linux: Failure to drop privileges inside UML
Nicolas Boullis
nicolas.boullis at ecp.fr
Mon Nov 20 18:22:52 CET 2006
Package: user-mode-linux
Version: 2.6.18-1um-1
Severity: critical
Tags: security
Justification: root security hole

Hi,

I just discovered that postfix fails to drop its privileges while run
inside uml.

I discovered this using postfix 2.3.3-1, with

    mailbox_command = procmail -a "$EXTENSION"

On a standard host, procmail is run as the recipient user, with no euid,
while inside the UML host it is run with euid=0, with effective access to
root-only files.

I think it is a security issue inside the UML, hence the critical severity.

Cheers,

Nicolas

-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages user-mode-linux depends on:
ii uml-utilities 20060323-3 User-mode Linux (utility programs)
user-mode-linux recommends no packages.
-- no debconf information
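
An added example, not part of the original report and not code from Postfix or user-mode-linux: a small C check that can stand in for the delivery command on a test system to record the credentials it was started with and flag the condition described above (real uid of the recipient, effective uid 0). The EXPECTED_UID argument, the finding names and the sample uid 1000 are assumptions made for illustration.

```c
/* Added example: audit the credentials a delivery command was started with. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sysexits.h>
#include <unistd.h>

enum {
    CRED_EUID_ROOT     = 1 << 0,  /* effective uid is 0 */
    CRED_EUID_MISMATCH = 1 << 1,  /* effective uid differs from real uid */
    CRED_EGID_MISMATCH = 1 << 2,  /* effective gid differs from real gid */
    CRED_WRONG_USER    = 1 << 3   /* real uid is not the expected recipient */
};

struct creds { uid_t ruid, euid; gid_t rgid, egid; };

/* Snapshot of the calling process's real and effective ids. */
struct creds current_creds(void)
{
    struct creds c = { getuid(), geteuid(), getgid(), getegid() };
    return c;
}

/* Returns 0 if the credentials look fully dropped, else a bitmask of findings. */
int audit_creds(const struct creds *c, uid_t expected_uid)
{
    int findings = 0;
    if (c->euid == 0)            findings |= CRED_EUID_ROOT;
    if (c->euid != c->ruid)      findings |= CRED_EUID_MISMATCH;
    if (c->egid != c->rgid)      findings |= CRED_EGID_MISMATCH;
    if (c->ruid != expected_uid) findings |= CRED_WRONG_USER;
    return findings;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s EXPECTED_UID\n", argv[0]);
        return EX_TEMPFAIL;
    }
    struct creds c = current_creds();
    int findings = audit_creds(&c, (uid_t)strtoul(argv[1], NULL, 10));
    fprintf(stderr, "ruid=%lu euid=%lu rgid=%lu egid=%lu findings=0x%x\n",
            (unsigned long)c.ruid, (unsigned long)c.euid,
            (unsigned long)c.rgid, (unsigned long)c.egid, findings);
    /* EX_TEMPFAIL (75) asks the mail system to defer instead of delivering. */
    return findings ? EX_TEMPFAIL : 0;
}
```

Running the same binary on the host and inside the guest and comparing the logged lines shows whether the difference is in the guest kernel or in the mail configuration.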