Mailing List Archive

[Bug 1777] New: the python script found in the xen-unstable repository at tools/security/python/xensec_gen/main.py attempts to drop privileges to the user 'nobody'. However,
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1777

Summary: the python script found in the xen-unstable repository at tools/security/python/xensec_gen/main.py attempts to drop privileges to the user 'nobody'. However,
Product: Xen
Version: unstable
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Tools
AssignedTo: xen-bugs@lists.xensource.com
ReportedBy: db.pub.mail@gmail.com


http://www.google.com/codesearch#4Wqoij9clTg/tools/security/python/xensec_gen/main.py&q=python%20setuid&sq=&ct=rc&cd=20

the python script found in the xen-unstable repository at
tools/security/python/xensec_gen/main.py attempts to drop privileges to the
user 'nobody'. However,

it does not 'drop' groups correctly.


the bug can be found in this code -->
# Change the uid/gid of the process
os.setgid( gid )
os.setuid( uid )

and because there is no called method to 'drop' the other groups (other than
the nobody group) the program may continue executing with other group
permissions.

Here is some python code to demonstrate this behaviour:
>>> import os
>>> os.setgid(65534)
>>> os.getgid()
65534
>>> os.setuid(65534)
>>> os.getuid()
65534
>>> os.system("id")
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup),0(root)

(note the presence of the 'root' group).


--
Configure bugmail: http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
Xen-bugs mailing list
Xen-bugs@lists.xensource.com
http://lists.xensource.com/xen-bugs
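The report above shows the failure mode (supplementary groups survive a setgid/setuid pair) but not the fix. The following is an added example, not code from the Xen tools or from the reporter: it performs the drop in the order that works (setgroups before setgid before setuid), verifies afterwards that no unrequested group identity is still held, and includes a small parser for the groups= field of `id` output so the leaked-group check can be run against the session transcript quoted in the report. The uid/gid 65534 and the `id` line come from the report; the function names and the REPORTED_ID_OUTPUT constant are this example's own.

```python
"""Complete privilege drop: clear supplementary groups before setgid/setuid.

Added example, not the Xen tools' code.  The 'nobody' uid/gid of 65534 and
the `id` output below are taken from the bug report; the helper names are
this example's own.
"""
import os
import re

NOBODY_UID = 65534
NOBODY_GID = 65534


def leaked_groups(groups, gid, supplementary=()):
    """Return held group ids that are neither the primary gid nor an
    explicitly allowed supplementary group (sorted, deduplicated)."""
    allowed = {gid, *supplementary}
    return sorted(g for g in set(groups) if g not in allowed)


def verify_dropped(uid, gid, supplementary=()):
    """Raise if the process still holds an identity that was not requested.

    Checking after the drop turns a silent partial drop (the bug reported
    above) into a hard failure at startup.
    """
    leaked = leaked_groups(os.getgroups(), gid, supplementary)
    if os.getuid() != uid or os.getgid() != gid or leaked:
        raise RuntimeError(
            f"privilege drop incomplete: uid={os.getuid()} "
            f"gid={os.getgid()} extra groups={leaked}"
        )


def drop_privileges(uid, gid, supplementary=()):
    """Drop to uid/gid in the only order that works.

    Supplementary groups and the primary gid can only be changed while the
    process is still root, so setgroups() and setgid() must precede
    setuid().  Each os.* call raises OSError on failure, so an incomplete
    drop cannot pass unnoticed.
    """
    os.setgroups(list(supplementary))   # the call the original script omits
    os.setgid(gid)
    os.setuid(uid)
    verify_dropped(uid, gid, supplementary)


_ID_GROUPS_RE = re.compile(r"groups=(\S+)")


def parse_id_groups(id_output):
    """Extract the numeric group ids from the groups= field of `id` output.

    'uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup),0(root)'
    yields [65534, 0]; output without a groups= field yields [].
    """
    m = _ID_GROUPS_RE.search(id_output)
    if not m:
        return []
    return [int(entry.split("(")[0]) for entry in m.group(1).split(",")]


# `id` output quoted in the bug report, captured after setgid/setuid
# without a preceding setgroups():
REPORTED_ID_OUTPUT = (
    "uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup),0(root)"
)


if __name__ == "__main__":
    held = parse_id_groups(REPORTED_ID_OUTPUT)
    print("groups held in the report:", held,
          "not requested:", leaked_groups(held, NOBODY_GID))
    # The real drop needs root; as a normal user the checks above are
    # still exercised and only the live drop is skipped.
    if os.getuid() == 0:
        drop_privileges(NOBODY_UID, NOBODY_GID)
        os.system("id")   # should now show groups=65534(nogroup) only
```

Run as root, the script ends with an `id` line carrying only the nogroup group; run as an unprivileged user, it still reports which group in the quoted transcript was never requested. The verification step is the part worth keeping in any daemon that drops privileges: `setgid`/`setuid` succeeding says nothing about groups, so the post-condition has to be checked explicitly.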