Displaying 3 results from an estimated 3 matches for "opt_user".
2017 Feb 02
3
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 07:16 -0800, Gordon Messmer wrote:
> On 02/02/2017 06:51 AM, Leonard den Ottolander wrote:
> > pkcheck might not be directly vulnerable. However, pkexec is.
>
>
> If that's so, why are you supplying patches to pkcheck rather than
> fixing pkexec?
The patch has a fix for three memory leaks. One memory leak that allows
heap spraying in pkexec.c that
2017 Feb 02
0
Serious attack vector on pkcheck ignored by Red Hat
...there is still a risk that collision could be
exploitable in combination with other, as yet undiscovered bugs. If Red
Hat is concerned with changing the behavior of pkexec in scripts, then
they can still fix the memory leak without otherwise changing the
behavior of the program by adding:
    if (opt_user != NULL)
    {
        g_free(opt_user);
    }
...instead of the upstream solution of failing on multiple --user
specifications. This will correct the leak and won't break any scripts
that call --user multiple times.
That's it. Keep your bug report simple. Focus on the program that
presen...
2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
...privilege escalation so it is worrisome even if the
binary itself is not setuid.
> If Red
> Hat is concerned with changing the behavior of pkexec in scripts, then
> they can still fix the memory leak without otherwise changing the
> behavior of the program by adding:
>
>     if (opt_user != NULL)
>     {
>         g_free(opt_user);
>     }
That is the initial fix I proposed, but I changed it to use the upstream
fix of not allowing multiple invocations of --user. Multiple invocations
of --user are pointless in this context, so I believe the upstream fix
is just fine. And probab...