oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so

From: Steffen Nurpmeso <steffen () sdaoden eu>
Date: Fri, 18 Oct 2024 03:13:16 +0200
Hello.

Matthias Gerstner wrote in
 <ZxDKuqteocmdBDNx () kasco suse de>:
 |On Tue, Oct 15, 2024 at 10:21:35PM +0200, Solar Designer wrote:
 |> On Tue, Oct 15, 2024 at 03:17:34PM -0400, Demi Marie Obenour wrote:
 ...
 |From 345ae06e0f698bdb1e9b4529e5a882f12df04426 Mon Sep 17 00:00:00 2001
 |From: Matthias Gerstner <matthias.gerstner () suse de>
 |Date: Wed, 16 Oct 2024 09:58:35 +0200
 |Subject: [PATCH] usersfile: fix potential security issues in PAM module
 ...
 |+static int
 |+lock_usersfile (struct usersfile_ctx *ctx)
 |+{
 |+  /*
 |+   * There exist three file locking APIs:
 |+   *
 |+   * - flock(): this would be the simplest API, but it doesn't properly \
 |support
 |+   *   network file systems like NFS, which then causes a transparent \
 |fallback
 |+   *   to fcntl() file locking.
 |+   * - fcntl using F_SETLCK & friends: this lock is not based on the \
 |open file
 |+   *   description and thus cannot be inherited to child processes, \
 |which we
 |+   *   need to do.
 |+   * - fcntl using F_OFD_SETLCK & friends: this is a Linux specific \
 |lock that

It was added to and is part of POSIX.1-2024.

 |+   *   _is_ based on the open file description. It seems like the \
 |best bet for
 |+   *   our scenario.
 ...

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Previous By Date Next
Previous By Thread Next

Current thread: