search for: opt_user

Displaying 3 results from an estimated 3 matches for "opt_user".

2017 Feb 02
3
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 07:16 -0800, Gordon Messmer wrote: > On 02/02/2017 06:51 AM, Leonard den Ottolander wrote: > > pkcheck might not be directly vulnerable. However, pkexec is. > > > If that's so, why are you supplying patches to pkcheck rather than > fixing pkexec? The patch has a fix for three memory leaks. One memory leak that allows heap spraying in pkexec.c that
2017 Feb 02
0
Serious attack vector on pkcheck ignored by Red Hat
...there is still a risk that collision could be exploitable in combination with other, as yet undiscovered bugs. If Red Hat is concerned with changing the behavior of pkexec in scripts, then they can still fix the memory leak without otherwise changing the behavior of the program by adding: if (opt_user != NULL) { g_free(opt_user); } ..instead of the upstream solution of failing on multiple --user specifications. This will correct the leak and won't break any scripts that call --user multiple times. That's it. Keep your bug report simple. Focus on the program that presen...
2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
...privilege escalation so it is worrisome even if the binary itself is not setuid. > If Red > Hat is concerned with changing the behavior of pkexec in scripts, then > they can still fix the memory leak without otherwise changing the > behavior of the program by adding: > > if (opt_user != NULL) > { > g_free(opt_user); > } That is the initial fix I proposed, but I changed it to use the upstream fix of not allowing multiple invocations of --user. Multiple invocations of --user are pointless in this context, so I believe the upstream fix is just fine. And probab...