Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: pacemaker strcmp
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 14 Dec 2012 18:16:04 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/13/2012 09:37 AM, Simon . wrote:
Hi,

I might have overlooked something. Starting from Line 39, if
pacemaker is compiled with ACL support:

https://github.com/ClusterLabs/pacemaker/blob/master/include/crm_internal.h#L39

 Once a user root\0bar is created, and CRM_DAEMON_USER is #undef we
can return TRUE. Haven't looked into further details here and I
think no sane admin will ever allow such a user. What do you guys
think?



/* For ACLs */ char *uid2username(uid_t uid); void
determine_request_user(char *user, xmlNode * request, const char
*field);

# if ENABLE_ACL # include <string.h> static inline gboolean 
is_privileged(const char *user) { if (user == NULL) { return
FALSE; } else if (strcmp(user, CRM_DAEMON_USER) == 0) {
<------------- #undef ? return TRUE; } else if (strcmp(user,
"root") == 0) { <------------------- err return TRUE; } return
FALSE; } # endif


Can attackers create their own user names or do admins have to create
the accounts (I know nothing about this software)? Also can you
confirm that "root\0bar actually allows ACL bypass with the
application in production? Thanks.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQy89UAAoJEBYNRVNeJnmT+ZgP/RKlc9LyyfMlIPbeuJqOJSuB
CWWvUuYJWQfhIfniOLyxfDQtU+Bp+LkNyM4Mk5cfxDgLu4bCN4cClWBGTnbvcuDp
VRH0NOfOhNRf7TlZ5UAMzop5EMU1+3mb1XNA15EaxmShikKew98CabiArolSWpge
Y/2eZ5KoxdgHCFRwzWm2NjYGh4KFzgjQY5YkNfYCRuEhMDLAo9zq9gGlREYyHQ2c
SGxEg8jGhnsPF6voAqvZ6wXXMg3s2XmRmEFwC7erTvaPXQ5XNoW3amkEVrDBgeeo
DrMCCiYtiV2exUSxg55+MxlFQyzsp2u8bBxnHCK2bN7r/ZRt/IrLiva8EGn6ANwa
ge1wX3t+MwXZ0iZCjMNtqtK6XpRGfDlAb4nv403fS9waUI+6f/b8YzqooDGdc+SN
on/wX1NJ2HT30Q5d68cSGSK82N1/kl+QolyX9Q5jyAqxCHLyT8psLt9BXsFjH1K9
0eCIFOgoHNEQeh92MgHzQ1ynkPTRQSqIvXvpOyjZ1sdf+gT93jrRxqydV7/nBK7P
Hyt6MdJggBDTai259onIfbjTYavTsio1X1efrvAjxDrfa2HULvXW9QwrWPyUKzg4
JMC0RYzhoUeWg/yhnrUdPjwXuQwp04tzxeNjHWC25Cxs3OHVnBZL4Cbh3/74qt0Q
zvcBlk+wHZFb2njR4hhG
=7JbE
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]