[Xen-bugs] [Bug 1777] New: the python script found in the xen-unstable repository at tools/security/python/xensec_gen/main.py attempts to drop privileges to the user 'nobody'. However,

[bugzilla-daemon@xxxxxxxxxxxxxxxxxxx]

http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1777

           Summary: the python script found in the xen-unstable repository
                    at tools/security/python/xensec_gen/main.py attempts to
                    drop privileges to the user 'nobody'. However,
           Product: Xen
           Version: unstable
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Tools
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: db.pub.mail@xxxxxxxxx


http://www.google.com/codesearch#4Wqoij9clTg/tools/security/python/xensec_gen/main.py&q=python%20setuid&sq=&ct=rc&cd=20

the python script found in the xen-unstable repository at
tools/security/python/xensec_gen/main.py attempts to drop privileges to the
user 'nobody'. However,

it does not 'drop' groups correctly. 


the bug can be found in this code -->
        # Change the uid/gid of the process
        os.setgid( gid )
        os.setuid( uid )

and because there is no called method to 'drop' the other groups (other than
the nobody group) the program may continue executing with other group
permissions.

Here is some python code to demonstrate this behaviour:
>>> import os
>>> os.setgid(65534)
>>> os.getgid()
65534
>>> os.setuid(65534)
>>> os.getuid()
65534
>>> os.system("id")
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup),0(root)

(note the presence of the 'root' group ).


-- 
Configure bugmail: 
http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs