[Bug 1225574] New: AUDIT-FIND: apache2-mod_mono: configuration defaults to predictable socket path in /tmp
https://bugzilla.suse.com/show_bug.cgi?id=1225574

Bug ID: 1225574
Summary: AUDIT-FIND: apache2-mod_mono: configuration defaults to predictable socket path in /tmp
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: wolfgang.frisch@suse.com
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

apache2-mod_mono, by default, creates a socket `/tmp/mod_mono_server_global`, allowing unprivileged users to break the module by creating an identically named file in that location.

However
a) this behavior is documented
b) it is mitigated by a systemd hardening in the apache2 package:

[Unit]
Description=The Apache Webserver
After=network.target nss-lookup.target time-sync.target remote-fs.target
Before=getty@tty1.service plymouth-quit.service xdm.service
PartOf=apache2.target

[Service]
Type=notify
PrivateTmp=true

--
You are receiving this mail because:
You are on the CC list for the bug.
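A defender-side check for the situation in this report, as an added example that is not part of the bug thread or of the apache2 or mod_mono packages: it reads systemd unit fragments in order and reports whether a socket path under /tmp is covered by PrivateTmp. The drop-in override, the function names and the result labels are assumptions made for illustration.

```python
import posixpath

# Constructed samples: unit excerpt from the report and a hypothetical drop-in.
APACHE2_UNIT = """\
[Unit]
[Service]
Type=notify
PrivateTmp=true
"""
DROPIN_OVERRIDE = """\
[Service]
PrivateTmp=no
"""
SOCKET_PATH = "/tmp/mod_mono_server_global"  # default path named in the report

TRUE_VALUES = {"1", "yes", "true", "on"}  # systemd boolean spellings
SHARED_TMP_DIRS = ("/tmp", "/var/tmp")    # directories PrivateTmp replaces


def effective_private_tmp(unit_texts):
    """True if PrivateTmp is on after reading fragments in order (last wins)."""
    enabled = False  # systemd default when the key is absent
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            elif section == "Service" and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                if key == "PrivateTmp":
                    # Non-boolean values are conservatively treated as off.
                    enabled = value.lower() in TRUE_VALUES
    return enabled


def classify_socket(path, unit_texts):
    """Classify a socket path: 'outside-tmp', 'private-tmp' or 'shared-tmp'."""
    norm = posixpath.normpath(path)
    if not any(norm.startswith(d + "/") for d in SHARED_TMP_DIRS):
        return "outside-tmp"
    return "private-tmp" if effective_private_tmp(unit_texts) else "shared-tmp"


if __name__ == "__main__":
    for frags in ([APACHE2_UNIT], [APACHE2_UNIT, DROPIN_OVERRIDE]):
        print(classify_socket(SOCKET_PATH, frags))
```

A result of `shared-tmp` is the case the report describes, where any local user can pre-create the predictable name; `private-tmp` is the mitigated case.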
https://bugzilla.suse.com/show_bug.cgi?id=1225574

Wolfgang Frisch <wolfgang.frisch@suse.com> changed:

What      |Removed      |Added
----------------------------------------------------------------------------
Status    |NEW          |IN_PROGRESS
https://bugzilla.suse.com/show_bug.cgi?id=1225574
https://bugzilla.suse.com/show_bug.cgi?id=1225574#c2

Wolfgang Frisch <wolfgang.frisch@suse.com> changed:

What      |Removed      |Added
----------------------------------------------------------------------------
Status    |IN_PROGRESS  |RESOLVED
Resolution|---          |WONTFIX

--- Comment #2 from Wolfgang Frisch <wolfgang.frisch@suse.com> ---
Not following up on this, as it is mitigated by our apache2 systemd config.
https://bugzilla.suse.com/show_bug.cgi?id=1225574

Wolfgang Frisch <wolfgang.frisch@suse.com> changed:

What      |Removed      |Added
----------------------------------------------------------------------------
Resolution|WONTFIX      |---
Status    |RESOLVED     |REOPENED
https://bugzilla.suse.com/show_bug.cgi?id=1225574

Wolfgang Frisch <wolfgang.frisch@suse.com> changed:

What                 |Removed      |Added
----------------------------------------------------------------------------
Comment #3 is private|1            |0
https://bugzilla.suse.com/show_bug.cgi?id=1225574
https://bugzilla.suse.com/show_bug.cgi?id=1225574#c4

--- Comment #4 from Wolfgang Frisch <wolfgang.frisch@suse.com> ---
Side note: When the problem is mitigated by systemd PrivateTmp, the socket and thus the module become quite useless, which is another reason to change the default.
https://bugzilla.suse.com/show_bug.cgi?id=1225574

Wolfgang Frisch <wolfgang.frisch@suse.com> changed:

What      |Removed                |Added
----------------------------------------------------------------------------
Assignee  |security-team@suse.de  |wolfgang.frisch@suse.com
https://bugzilla.suse.com/show_bug.cgi?id=1225574
https://bugzilla.suse.com/show_bug.cgi?id=1225574#c5

Wolfgang Frisch <wolfgang.frisch@suse.com> changed:

What      |Removed      |Added
----------------------------------------------------------------------------
Resolution|---          |INVALID
Status    |REOPENED     |RESOLVED

--- Comment #5 from Wolfgang Frisch <wolfgang.frisch@suse.com> ---
OK, so the upstream project has not seen any functional changes since 2014 and the repository on GitHub has been archived since 2022. It's rather safe to assume there is no upstream to report this to.

Closing because we're not affected and upstream is dead.