[Bug 372070] New: open-vm-tools: suid binary
https://bugzilla.novell.com/show_bug.cgi?id=372070

           Summary: open-vm-tools: suid binary
           Product: openSUSE 11.0
           Version: Alpha 3
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
        AssignedTo: security-team@suse.de
        ReportedBy: prusnak@novell.com
         QAContact: qa@suse.de
          Found By: ---

I created a new package, open-vm-tools. These are tools that can be installed when openSUSE is running in VMware. It contains one binary that should be packaged as suid root. If it is not, only root on the guest system can access shared files from the host system.

  i586/open-vm-tools-2008.03.11-1.i586.rpm: -rwsr-xr-x 1 root root 43124 Mar 18 15:44 /usr/sbin/mount.vmhgfs
  file /usr/sbin/mount.vmhgfs is packaged with suid/sgid permissions but is not listed in any of /etc/permissions* please contact security team

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|open-vm-tools: suid binary  |AUDIT-0: open-vm-tools: suid binary

User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c1

--- Comment #1 from Marcus Meissner <meissner@novell.com> 2008-03-18 13:49:33 MST ---
It's likely to be placed in /sbin if it is a mount helper binary.

What filesystem is this?

User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c2

--- Comment #2 from Pavol Rusnak <prusnak@novell.com> 2008-03-18 15:57:01 MST ---
This filesystem allows sharing files between the host OS and the guest OS installed in VMware.

User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c3

Pavol Rusnak <prusnak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
      Info Provider|                            |security-team@suse.de

--- Comment #3 from Pavol Rusnak <prusnak@novell.com> 2008-04-11 07:56:01 MST ---
Any news? The package is now submitted to STABLE and is failing because of this. I will move the binary to /sbin if you want.

User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c4

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
      Info Provider|security-team@suse.de       |

--- Comment #4 from Ludwig Nussel <lnussel@novell.com> 2008-04-11 08:14:21 MST ---
The package is not prepared for handling setuid binaries. Please have a look at the packaging howto. It describes what %verifyscript, attributes etc. should look like. Also don't package the binary with the setuid bit set by default; the package will build then.

User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c5

--- Comment #5 from Pavol Rusnak <prusnak@novell.com> 2008-04-23 07:22:11 MST ---
I submitted a new package, hopefully with the right use of permission scripts.

User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c6

--- Comment #6 from Ludwig Nussel <lnussel@novell.com> 2008-04-23 07:28:45 MST ---
Almost :-) %verifyscript is a tag of its own just like %post. You've mixed %post and %verifyscript:

  %post
  %run_permissions
  %verifyscript
  %verify_permissions -e /sbin/mount.vmhgfs
  /sbin/ldconfig
  %{fillup_and_insserv vmware-guest}

That means that ldconfig and fillup are called when you run rpm -V rather than in %post. See also

  $ rpm -qp --scripts /work/CDs/all/full-i386/suse/i586/open-vm-tools.rpm

User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c7

--- Comment #7 from Pavol Rusnak <prusnak@novell.com> 2008-04-23 07:41:42 MST ---
Submitted again :)

Pavol Rusnak <prusnak@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Found By|---                         |Development

Thomas Biege <thomas@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Normal                      |Enhancement
           Priority|P5 - None                   |P4 - Low

User thomas@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c8

--- Comment #8 from Thomas Biege <thomas@novell.com> 2009-03-19 06:06:11 MST ---
Is a code review still needed here?

User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c9

--- Comment #9 from Pavol Rusnak <prusnak@novell.com> 2009-03-19 06:48:37 MST ---
Thomas: Yes, please.

User thomas@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c10

--- Comment #10 from Thomas Biege <thomas@novell.com> 2009-03-19 07:39:02 MST ---
It is dir hgfsmounter/, right?

User thomas@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c11

--- Comment #11 from Thomas Biege <thomas@novell.com> 2009-03-19 07:39:58 MST ---
Yes... checked Makefile.am ;)

User thomas@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c12

--- Comment #12 from Thomas Biege <thomas@novell.com> 2009-03-19 07:41:04 MST ---
1.) main() is vulnerable to a race condition as it seems and mount() would use an arbitrary target dir.

  mntRes = mount(shareName, mountPoint, HGFS_NAME, flags, &mountInfo);
  // XXX tom: mountPoint can be replaced after checks above are passed!

User thomas@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c13

--- Comment #13 from Thomas Biege <thomas@novell.com> 2009-03-19 07:45:00 MST ---
So, NO setuid root flag for this one.

User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c14

--- Comment #14 from Pavol Rusnak <prusnak@novell.com> 2009-03-19 07:54:09 MST ---
Thomas: is the issue mentioned in comment #12 the only issue blocking the setuid bit?

User thomas@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=372070#c15

--- Comment #15 from Thomas Biege <thomas@novell.com> 2009-03-19 08:03:06 MST ---
Yes... so far I did not find anything more.