[Xen-bugs] [Bug 1777] New: the python script found in the xen-unstable repository at tools/security/python/xensec_gen/main.py attempts to drop privileges to the user 'nobody'. However,
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1777

Summary: the python script found in the xen-unstable repository at tools/security/python/xensec_gen/main.py attempts to drop privileges to the user 'nobody'. However,
Product: Xen
Version: unstable
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Tools
AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
ReportedBy: db.pub.mail@xxxxxxxxx

http://www.google.com/codesearch#4Wqoij9clTg/tools/security/python/xensec_gen/main.py&q=python%20setuid&sq=&ct=rc&cd=20

The Python script found in the xen-unstable repository at tools/security/python/xensec_gen/main.py attempts to drop privileges to the user 'nobody'. However, it does not 'drop' groups correctly.

The bug can be found in this code -->

    # Change the uid/gid of the process
    os.setgid( gid )
    os.setuid( uid )

and because no method is called to 'drop' the other groups (other than the nobody group), the program may continue executing with other group permissions.

Here is some Python code to demonstrate this behaviour:

    >>> import os
    >>> os.setgid(65534)
    >>> os.getgid()
    65534
    >>> os.setuid(65534)
    >>> os.getuid()
    65534
    >>> os.system("id")
    uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup),0(root)

(Note the presence of the 'root' group.)

--
Configure bugmail: http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs
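A drop sequence that also clears supplementary groups and then verifies the result, as an added example that is not part of the original report or of the Xen source. The function names and the `osmod` parameter are hypothetical, and the id 65534 is the sample value from the session in the report.

```python
import os

NOBODY_UID = 65534  # sample ids, as used in the report's session
NOBODY_GID = 65534


def leftover_privileges(uid, gid, cur_uid, cur_gid, cur_groups):
    """List every identity still held beyond the target uid/gid."""
    problems = []
    if cur_uid != uid:
        problems.append("uid=%d" % cur_uid)
    if cur_gid != gid:
        problems.append("gid=%d" % cur_gid)
    # getgroups() may or may not include the primary gid, so allow it.
    problems += ["group=%d" % g for g in cur_groups if g != gid]
    return problems


def drop_privileges(uid, gid, osmod=os):
    """Drop to uid/gid and fail loudly if anything is retained.

    osmod is a hypothetical injection point (defaults to the real os
    module) so the call order can be exercised without root.
    """
    # 1. Clear supplementary groups while the process is still root;
    #    this is the call missing from the code quoted in the report.
    osmod.setgroups([])
    # 2. Primary group next: it cannot be changed once the uid is gone.
    osmod.setgid(gid)
    # 3. User id last, because this step is irreversible.
    osmod.setuid(uid)
    # 4. Verify the resulting identity instead of trusting the calls.
    left = leftover_privileges(uid, gid, osmod.getuid(), osmod.getgid(),
                               osmod.getgroups())
    if left:
        raise RuntimeError("privilege drop incomplete: " + ", ".join(left))


if __name__ == "__main__":
    if os.getuid() == 0:
        drop_privileges(NOBODY_UID, NOBODY_GID)
        os.system("id")  # groups= should now list only the target group
    else:
        print("not root; held beyond nobody:",
              leftover_privileges(NOBODY_UID, NOBODY_GID, os.getuid(),
                                  os.getgid(), os.getgroups()))
```
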