[systemd-bugs] [Bug 87354] New: systemd-coredump can run elfutils as root
bugzilla-daemon at freedesktop.org
Tue Dec 16 01:03:11 PST 2014
https://bugs.freedesktop.org/show_bug.cgi?id=87354
Bug ID: 87354
Summary: systemd-coredump can run elfutils as root
Product: systemd
Version: unspecified
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: general
Assignee: systemd-bugs at lists.freedesktop.org
Reporter: bugzilla at hadess.net
QA Contact: systemd-bugs at lists.freedesktop.org
If a process running as root crashed, systemd-coredump would change the
effective uid/gid to that of the crashing program.
So a carefully crafted coredump could hit elfutils parsing bugs to run
arbitrary programs as the same user that crashed.
The solution would be to avoid running elfutils code as any privileged user.
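One way to apply the mitigation suggested in the report, as an added example that is not systemd's code and not part of the original message: parse the core file in a forked child that first drops to an unprivileged account whenever the crashed process was root, and refuse to parse if the drop fails. `PARSE_ID` (65534, assumed to be an unprivileged "nobody" account), `pick_parse_id`, `drop_privileges`, `parse_core_unprivileged` and `stub_parser` (a stand-in for the elfutils-based parsing) are hypothetical names.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PARSE_ID 65534 /* assumption: uid/gid of an unprivileged account ("nobody") */
typedef int (*parse_fn)(const char *path);

/* Never reuse the crashing process's id for parsing when that id is root. */
static unsigned pick_parse_id(unsigned crash_id) { return crash_id == 0 ? PARSE_ID : crash_id; }

/* Drop to uid/gid for good; returns 0 on success, -1 on any failure. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0) {
        if (setgroups(0, NULL) != 0) return -1; /* clear supplementary groups */
        if (setgid(gid) != 0) return -1;        /* gid first, while still root */
        if (setuid(uid) != 0) return -1;        /* as root: real, effective and saved uid */
    }
    if (geteuid() != uid || getegid() != gid) return -1; /* verify the result */
    if (setuid(0) == 0) return -1;                       /* root must not be regainable */
    return 0;
}

/* Run parse(path) in a child that has dropped privileges. Returns the
 * parser's result (0 or 1), or -1 if it could not be run unprivileged. */
static int parse_core_unprivileged(uid_t crash_uid, gid_t crash_gid,
                                   parse_fn parse, const char *path) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(pick_parse_id(crash_uid), pick_parse_id(crash_gid)) != 0)
            _exit(2); /* fail closed: the parser never runs as root */
        _exit(parse(path) ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

/* Hypothetical stand-in for the elfutils-based parsing; returns 1 if run as root. */
static int stub_parser(const char *path) { (void)path; return geteuid() == 0; }

int main(void) {
    /* Constructed case: the crashed process was root (uid 0, gid 0). */
    int r = parse_core_unprivileged(0, 0, stub_parser, "/constructed/core");
    printf("%s\n", r == 0 ? "parsed unprivileged" : "refused: could not drop privileges");
    return 0;
}
```

Because the parser runs in a separate child, a parser crash on a malformed core is also reported to the caller as -1 instead of taking down the handler.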