On Tue, Mar 20, 2007 at 11:42:14PM -0700, Russ Allbery wrote:
> Steve Langasek <[EMAIL PROTECTED]> writes:

> > Can you explain how this is exploitable? In CVE-2006-2916, the
> > description is "allows local users to gain root privileges by causing
> > setuid to fail". um... how is an unprivileged local user going to cause
> > setuid() to fail?

> By exceeding a resource limit for the target UID to which root is trying
> to setuid. Or by somehow triggering the kernel bug that we're currently
> observing on one of our servers that seems related, which is preventing
> root from successfully doing setuid to nobody.

Heh, ok.

> There were a ton of security-related updates to various packages a while
> back due to various iterations of this problem. (Although as I recall you
> were involved in some of those updates, so maybe I'm stating the obvious
> to someone who knows better and you understand this all better than I do.)

Wow, if I was involved with them, it's completely fallen out of the wetware
cache. :) Perhaps that explains the vague tickle asking whether ulimits
would be an issue here...

Unblocked, then; Sam, I'd still appreciate seeing the error message fixed
since we're updating the package anyway.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
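Added example, not part of the original thread or of any package discussed in it: the unchecked setuid() pattern behind this class of bug next to a fail-closed version. The function names, the function-pointer parameter and the failing_setuid stub (a constructed stand-in that returns -1 with errno EAGAIN, the error setuid(2) documents for a resource-limit failure) are assumptions made so the failure can be shown without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in for a setuid() that fails the way the thread
 * describes: a resource limit was hit for the target UID. */
static int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Pattern behind this bug class: the result is ignored, so after a failed
 * call the process carries on with the UID it started with (root, in a
 * privileged program). */
int drop_unchecked(setuid_fn do_setuid, uid_t target)
{
    do_setuid(target);
    return 0;                       /* reports success whatever happened */
}

/* Hardened form: fail closed on error, then confirm the IDs really changed. */
int drop_checked(setuid_fn do_setuid, uid_t target)
{
    if (do_setuid(target) != 0)
        return -1;
    if (getuid() != target || geteuid() != target)
        return -1;
    return 0;
}

int main(void)
{
    uid_t me = getuid();            /* own UID, so the demo needs no privileges */

    printf("unchecked, setuid fails: %d\n", drop_unchecked(failing_setuid, me));
    printf("checked,   setuid fails: %d\n", drop_checked(failing_setuid, me));
    printf("checked,   setuid works: %d\n", drop_checked(setuid, me));
    /* A real caller must exit when drop_checked() returns -1 instead of
     * continuing with its original privileges. */
    return 0;
}
```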