[Pkg-uml-pkgs] Bug#399579: user-mode-linux: Failure to drop privileges inside UML
Mattia Dongili
malattia at linux.it
Mon Nov 20 20:55:31 CET 2006

On Mon, Nov 20, 2006 at 06:22:52PM +0100, Nicolas Boullis wrote:
> Package: user-mode-linux
> Version: 2.6.18-1um-1
> Severity: critical
> Tags: security
> Justification: root security hole
>
> Hi,
>
> I just discovered that postfix fails to drop its privileges while run
> inside uml.
> I discovered this using postfix 2.3.3-1, with
> mailbox_command = procmail -a "$EXTENSION"
>
> On a standard host, procmail is run as the recipient user, with no euid,
> while inside the UML host it is run with euid=0, with effective access to
> root-only files.
>
> I think it is a security issue inside the UML, hence the critical severity.

Can you provide evidence?[1] It seems I can't reproduce what you say.
Eg: I made ~/Mail/inbox a root-only folder and procmail complains about
it:

    procmail: Unable to treat as directory "/home/malattia/Mail/inbox/new"

Actually I tried with postfix 2.3.4-1 but it shouldn't matter if the
problem is UML.

[1]: or sample instructions or simple proof-of-concept

Thanks
--
mattia
:wq!
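
Added example, not part of the original message or of any Debian, postfix or UML code: one way to gather the evidence requested above is to read the `Uid:` line of `/proc/<pid>/status` for the delivery process, which lists the real, effective, saved-set and filesystem UIDs in that order. The sample status texts and the expected UID 1000 are constructed for illustration.

```python
import re

# Constructed samples of /proc/<pid>/status content (not captured output).
# The "Uid:" line holds: real, effective, saved-set, filesystem UID.
SAMPLE_DROPPED = "Name:\tprocmail\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n"
SAMPLE_EUID_ROOT = "Name:\tprocmail\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n"

FIELDS = ("real", "effective", "saved", "fs")


def parse_ids(status_text, key="Uid"):
    """Return the four IDs from the 'Uid:' or 'Gid:' line as a dict."""
    pattern = r"^%s:[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$" % re.escape(key)
    match = re.search(pattern, status_text, re.MULTILINE)
    if match is None:
        raise ValueError("no complete %s line in status text" % key)
    return dict(zip(FIELDS, (int(v) for v in match.groups())))


def privilege_findings(status_text, expected_uid):
    """List every UID field that differs from the UID the process should run as.

    A full privilege drop leaves all four fields equal to expected_uid;
    a leftover effective or saved UID of 0 means root can still be used.
    """
    uids = parse_ids(status_text, "Uid")
    return [
        "%s uid is %d, expected %d" % (name, uids[name], expected_uid)
        for name in FIELDS
        if uids[name] != expected_uid
    ]


def self_report(path="/proc/self/status"):
    """Read the IDs of the current process (Linux only)."""
    with open(path) as handle:
        return parse_ids(handle.read())


if __name__ == "__main__":
    for label, text in (("dropped", SAMPLE_DROPPED), ("euid root", SAMPLE_EUID_ROOT)):
        print(label, privilege_findings(text, 1000) or "all UIDs match")
```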