Fwd: Linux Broadcom 5820 Cryptonet Driver Integer Overflow

Dominic Hargreaves dom at earth.li
Mon Jul 12 11:58:42 UTC 2004


On Fri, Jul 02, 2004 at 04:58:02PM +0100, Jon Peatfield wrote:

> None of the "obvious" tests I carried out with the existing nfs server
> code allowed me to chgrp a file I didn't own, so I'm not exactly sure
> under what circumstances this is actually exploitable anyway (maybe it
> needs root-squash turning off or something, in which case it would
> only affect hosts you nfs export (rw) to which are untrustworthy).

I would be most interested in the precise nature of this vulnerability,
which I've not been able to find explained anywhere. I'm about to roll
out 35.7, but if I can find evidence that the chown bug really does
affect our particular setup I'll have to rethink. As Jon says the
obvious tests fail with "Operation not permitted" (including when
exported no_root_squash). The question is, is the vulnerability relevant
when root@ all the NFS clients is trusted? I'd be interested if anyone
has any insight.

Cheers,

Dominic.


More information about the fedora-legacy-list mailing list