[systemd-bugs] [Bug 87354] systemd-coredump can run elfutils as root
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Thu Jan 8 12:55:57 PST 2015
https://bugs.freedesktop.org/show_bug.cgi?id=87354
--- Comment #5 from Zbigniew Jedrzejewski-Szmek <zbyszek at in.waw.pl> ---
Triggering an assert or segmentation fault can often be done relatively easy. I
don't know what kind of bugs elfutils might have, but I image that something
like an overlong function argument could lead to some issue. Both of those
things can imaginably be under attacker control. It is a basic security in
depth thing — we should try to make it harder to escalate. Running elfutils as
root with privileges should be avoided.
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20150108/af446a53/attachment.html>
More information about the systemd-bugs
mailing list