[systemd-bugs] [Bug 87354] New: systemd-coredump can run elfutils as root

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Dec 16 01:03:11 PST 2014


https://bugs.freedesktop.org/show_bug.cgi?id=87354

            Bug ID: 87354
           Summary: systemd-coredump can run elfutils as root
           Product: systemd
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: systemd-bugs at lists.freedesktop.org
          Reporter: bugzilla at hadess.net
        QA Contact: systemd-bugs at lists.freedesktop.org

If a process running as root crashed, systemd-coredump would change the
effective uid/gid to that of the crashing program.

So a carefully crafted coredump could hit elfutils parsing bugs to run
arbitrary programs as the same user that crashed.

The solution would be to avoid running elfutils code as any privileged user.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
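
One way to apply the mitigation proposed in the report, as an added example (not systemd's code and not written by the reporter): the untrusted bytes are parsed only in a forked child that has already given up root, whatever user the crashed process ran as. `toy_parser`, `UNPRIV_ID` (65534) and the `PARSE_*` return codes are assumptions made for this illustration; `toy_parser` is a constructed stand-in for a real ELF/core parser.

```c
#define _DEFAULT_SOURCE      /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define UNPRIV_ID     65534  /* assumption: "nobody"; prefer a dedicated account */
#define PARSE_CRASHED (-1)   /* child died on a signal */
#define PARSE_NO_DROP (-2)   /* could not shed root, input was never parsed */
#define PARSE_ERROR   (-3)   /* fork or wait failed */
typedef int (*parse_fn)(const unsigned char *buf, size_t len);

/* Irreversibly drop root: supplementary groups first, then gid, then uid. */
static int drop_privileges(void)
{
    if (geteuid() != 0) return 0;            /* nothing to drop */
    if (setgroups(0, NULL) || setgid(UNPRIV_ID) || setuid(UNPRIV_ID))
        return -1;
    return setuid(0) == 0 ? -1 : 0;          /* regaining root must fail */
}

/* Parse untrusted bytes in a forked child that has given up root. */
int parse_untrusted(parse_fn parse, const unsigned char *buf, size_t len)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return PARSE_ERROR;
    if (pid == 0) {
        if (drop_privileges() != 0) _exit(126);   /* fail closed */
        _exit(parse(buf, len) ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) != pid) return PARSE_ERROR;
    if (WIFSIGNALED(status)) return PARSE_CRASHED;
    return WEXITSTATUS(status) == 126 ? PARSE_NO_DROP : WEXITSTATUS(status);
}

/* Constructed stand-in for a parser: 0 for ELF magic, 1 otherwise, and it
 * aborts on a "CRSH" prefix to imitate a parsing bug hit by crafted input. */
int toy_parser(const unsigned char *buf, size_t len)
{
    if (len >= 4 && memcmp(buf, "CRSH", 4) == 0) abort();
    return (len >= 4 && memcmp(buf, "\x7f" "ELF", 4) == 0) ? 0 : 1;
}

int main(void)
{
    static const unsigned char crafted[] = "CRSHxxxx";   /* constructed input */
    return parse_untrusted(toy_parser, crafted, sizeof crafted - 1) == PARSE_CRASHED ? 0 : 1;
}
```

The parent only ever sees an exit status, so a fault in the parser is contained in a process that holds no root credentials; if the drop itself fails the child exits before touching the input.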