
oss-sec mailing list archives
Re: tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337)
From: Matthias Gerstner <mgerstner () suse de>
Date: Fri, 29 Nov 2024 11:03:53 +0100
Hello Simon,

On Thu, Nov 28, 2024 at 12:14:07PM +0000, Simon McVittie wrote:
> This should be easily resolvable if the authors of tuned want to do so, without needing to resort to relying on hard-to-predict cookie values. Clients of the D-Bus system bus can identify other clients of the system bus, by calling the GetConnectionCredentials method on the message bus itself (this is how polkit works).

[...]

> (Behind the scenes, this is implemented by the message bus using SO_PEERCRED, SO_PEERSEC, etc. on each client connection, or the closest available equivalent of SO_PEERCRED on various non-Linux OSs.)

thanks for the hint! Relying on D-Bus and kernel features is surely the cleanest way to implement this.

Cheers

Matthias

-- 
Matthias Gerstner <matthias.gerstner () suse de>
Security Engineer
https://www.suse.com/security
GPG Key ID: 0x14C405C971923553

SUSE Software Solutions Germany GmbH
HRB 36809, AG Nürnberg
Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich
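
Added illustration, not part of the thread and not tuned's or D-Bus's own code: the kernel mechanism mentioned in the quoted text, where a server reads the peer's pid, uid and gid from a connected Unix socket with SO_PEERCRED (Linux only) and authorizes on that instead of on anything the client sends. The socketpair standing in for a client connection and all function names are constructed for this example.

```python
import os
import socket
import struct

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) the kernel recorded for the peer of a
    connected AF_UNIX socket. The peer cannot influence these values."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def is_authorized(conn, allowed_uids):
    """Decide on the kernel-attested uid only, never on message contents."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid in allowed_uids


def demo():
    # Constructed stand-in for a client connected to a privileged daemon.
    server_side, client_side = socket.socketpair(socket.AF_UNIX,
                                                 socket.SOCK_STREAM)
    try:
        # The message carries a self-declared identity; the server reads it
        # but does not use it for the authorization decision.
        client_side.sendall(b"uid=0")
        claimed = server_side.recv(16)
        pid, uid, gid = peer_credentials(server_side)
        me = os.geteuid()
        return {
            "claimed": claimed,
            "pid": pid,
            "uid": uid,
            "gid": gid,
            "allowed_self": is_authorized(server_side, {me}),
            "allowed_other": is_authorized(server_side, {me + 1}),
        }
    finally:
        server_side.close()
        client_side.close()


if __name__ == "__main__":
    print(demo())
```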
Current thread:
- tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) Matthias Gerstner (Nov 28)
- Re: tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) Simon McVittie (Nov 28)
- Re: tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337) Matthias Gerstner (Nov 29)