WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-bugs

[Xen-bugs] [Bug 1777] New: the python script found in the xen-unstable r

To: xen-bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-bugs] [Bug 1777] New: the python script found in the xen-unstable repository at tools/security/python/xensec_gen/main.py attempts to drop privileges to the user 'nobody'. However,
From: bugzilla-daemon@xxxxxxxxxxxxxxxxxxx
Date: Fri, 19 Aug 2011 08:12:22 -0700
Delivery-date: Fri, 19 Aug 2011 08:18:43 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-bugs-request@lists.xensource.com?subject=help>
List-id: Xen Bugzilla <xen-bugs.lists.xensource.com>
List-post: <mailto:xen-bugs@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=unsubscribe>
Reply-to: bugs@xxxxxxxxxxxxxxxxxx
Sender: xen-bugs-bounces@xxxxxxxxxxxxxxxxxxx
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1777

           Summary: the python script found in the xen-unstable repository
                    at tools/security/python/xensec_gen/main.py attempts to
                    drop privileges to the user 'nobody'. However,
           Product: Xen
           Version: unstable
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Tools
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: db.pub.mail@xxxxxxxxx


http://www.google.com/codesearch#4Wqoij9clTg/tools/security/python/xensec_gen/main.py&q=python%20setuid&sq=&ct=rc&cd=20

The Python script found in the xen-unstable repository at
tools/security/python/xensec_gen/main.py attempts to drop privileges to the
user 'nobody'. However, it does not 'drop' groups correctly.


the bug can be found in this code -->
        # Change the uid/gid of the process
        os.setgid( gid )
        os.setuid( uid )

Because no method is called to 'drop' the other groups (other than
the nobody group), the program may continue executing with other group
permissions.

Here is some python code to demonstrate this behaviour:
>>> import os
>>> os.setgid(65534)
>>> os.getgid()
65534
>>> os.setuid(65534)
>>> os.getuid()
65534
>>> os.system("id")
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup),0(root)

(Note the presence of the 'root' group.)


-- 
Configure bugmail: 
http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
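
Added example, not part of the original report or of the Xen code: a privilege drop that clears the supplementary group list before setgid/setuid and then audits the credentials that remain. The names snapshot, audit, drop_privileges and REPORTED_STATE are assumptions made for illustration, and drop_privileges has to be called while the process is still root.

```python
import os

def snapshot():
    """Collect the credentials the kernel currently holds for this process."""
    return {"uids": os.getresuid(),    # (real, effective, saved)
            "gids": os.getresgid(),    # (real, effective, saved)
            "groups": os.getgroups()}  # supplementary group list

def audit(state, uid, gid):
    """Return a list describing every credential in `state` that survived."""
    problems = []
    if set(state["uids"]) != {uid}:
        problems.append("uids not fully dropped: %r" % (state["uids"],))
    if set(state["gids"]) != {gid}:
        problems.append("gids not fully dropped: %r" % (state["gids"],))
    extra = sorted(set(state["groups"]) - {gid})
    if extra:
        problems.append("supplementary groups retained: %r" % (extra,))
    return problems

def drop_privileges(uid, gid):
    """Drop from root to uid/gid; the order of the three calls matters."""
    os.setgroups([])   # clear supplementary groups first, while still root
    os.setgid(gid)     # then the group IDs, which also requires root
    os.setuid(uid)     # user IDs last; nothing can be changed after this
    problems = audit(snapshot(), uid, gid)
    if problems:
        raise RuntimeError("privilege drop incomplete: " + "; ".join(problems))

# Constructed sample mirroring the `id` output quoted in the report
# (setgid and setuid called, setgroups never called):
# uid=65534 gid=65534 groups=65534,0
REPORTED_STATE = {"uids": (65534, 65534, 65534),
                  "gids": (65534, 65534, 65534),
                  "groups": [65534, 0]}

if __name__ == "__main__":
    # Safe to run unprivileged: only audits the constructed sample.
    for line in audit(REPORTED_STATE, 65534, 65534):
        print(line)
```

Running audit(snapshot(), uid, gid) after any existing drop routine gives the same check without changing that routine.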
