On 11/1/18 5:08 PM, Cătălin George Feștilă wrote:
> Good to know.
> I don't know all about these problems (setuid and protect with
> SELinux - can be a good idea).
> I used F28, I think it is also not fixed with F29.
> $ ls -l /usr/libexec/Xorg.wrap
> -rwsr-xr-x. 1 root root 11376 Apr 23  2018 /usr/libexec/Xorg.wrap  
> 

SELinux can block the exploit if the "unconfined" module is disabled.
I'm writing a blog about it. When it is ready, I will add a link to
this thread as well.

Thanks,
Lukas.

> 
> On Thu, Nov 1, 2018 at 5:44 PM Chris Adams <li...@cmadams.net> wrote:
> 
>     Once upon a time, Cătălin George Feștilă <catalinf...@gmail.com> said:
>     > Thank you!
>     >
>     > On Thu, Nov 1, 2018 at 4:38 PM Reindl Harald <h.rei...@thelounge.net> wrote:
>     >
>     > >
>     > >
>     > > Am 01.11.18 um 15:33 schrieb Cătălin George Feștilă:
>     > > > https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
>     > >
>     > > https://fedoraproject.org/wiki/Features/RemoveSETUID
>     > > Targeted release: Fedora 15
>     > >
>     > > ls -la /usr/bin/Xorg
>     > > -rwxr-xr-x 1 root root 273 2018-04-23 20:16 /usr/bin/Xorg
> 
>     That means nothing... that's just a shell script that calls:
> 
>     $ ls -l /usr/libexec/Xorg.wrap
>     -rwsr-xr-x. 1 root root 11376 Apr 12  2018 /usr/libexec/Xorg.wrap
> 
>     which is where the problem lies.  I think SELinux should help (because
>     it should stop writes to lots of things), but I haven't seen a bug or
>     statement from Fedora about vulnerability.
> 
>     -- 
>     Chris Adams <li...@cmadams.net>
>     _______________________________________________
>     devel mailing list -- devel@lists.fedoraproject.org
>     <mailto:devel@lists.fedoraproject.org>
>     To unsubscribe send an email to devel-le...@lists.fedoraproject.org
>     <mailto:devel-le...@lists.fedoraproject.org>
>     Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>     List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>     List Archives:
>     
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> 
> 


-- 
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.