|
Message-ID: <1485294901.1902.2.camel@gmail.com>
Date: Tue, 24 Jan 2017 16:55:01 -0500
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Headsup: systemd v228 local root exploit
(CVE-2016-10156)
On Wed, 2017-01-25 at 01:20 +0500, Alexander E. Patrakov wrote:
> 2017-01-24 13:55 GMT+05:00 Sebastian Krahmer <krahmer@...e.com>:
> > Hi
> >
> > This is a heads up for a trivial systemd local root exploit, that
> > was silently fixed in the upstream git as:
> >
> > commit 06eeacb6fe029804f296b065b3ce91e796e1cd0e
> > Author: ....
> > Date: Fri Jan 29 23:36:08 2016 +0200
> >
> > basic: fix touch() creating files with 07777 mode
>
> That's important for users of Arch Linux and other rolling
> distributions.
>
> If the system has booted the vulnerable version of systemd at least
> once, then the files with dangerous permissions will be there. There
> is no code in systemd that fixes permissions on already existing stamp
> files. There is no postinstall script in Arch that does it, either.
> So, you have to fix permissions to 0644 or remove the stamp files
> manually, once, even though the commit appeared in Arch repositories
> long time ago.
Ah, sorry, I didn't see that it did this for /var/lib timer files too.
It does seem to recreate them if the timers are still around at least.
Download attachment "signature.asc" of type "application/pgp-signature" (867 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.