On Fri, May 29, 2020 at 10:23:58PM -0500, Eric W. Biederman wrote:
> Kees Cook writes:
> > I wish we had more robust execve tests. :(
>
> I think you have more skill at writing automated tests than I do. So
> feel free to write some.
Yeah, my limiting factor is available time. No worries; I
Kees Cook writes:
> On Fri, May 29, 2020 at 11:46:40AM -0500, Eric W. Biederman wrote:
>>
>> There is a small bug in the code that recomputes parts of bprm->cred
>> for every bprm->file. The code never recomputes the part of
>> clear_dangerous_personality_flags it is responsible for.
>>
>>
On Fri, May 29, 2020 at 11:46:40AM -0500, Eric W. Biederman wrote:
>
> There is a small bug in the code that recomputes parts of bprm->cred
> for every bprm->file. The code never recomputes the part of
> clear_dangerous_personality_flags it is responsible for.
>
> Which means that in practice
There is a small bug in the code that recomputes parts of bprm->cred
for every bprm->file. The code never recomputes the part of
clear_dangerous_personality_flags it is responsible for.
Which means that in practice if someone creates a sgid script
the interpreter will not be able to use any
4 matches
Mail list logo