This bug was fixed in the package apport - 2.17.2-0ubuntu1
---
apport (2.17.2-0ubuntu1) vivid; urgency=medium
* New upstream bug fix release:
- SECURITY UPDATE: Disable crash forwarding to containers. The previous
fix in 2.17.1 was not sufficient against all attack
This bug was fixed in the package apport - 2.14.1-0ubuntu3.10
---
apport (2.14.1-0ubuntu3.10) trusty-security; urgency=medium
* SECURITY UPDATE: insecure /proc/net/unix parsing (LP: #1444518)
- data/apport: temporarily disable container support until it can be
re-written
This bug was fixed in the package apport - 2.14.7-0ubuntu8.4
---
apport (2.14.7-0ubuntu8.4) utopic-security; urgency=medium
* SECURITY UPDATE: insecure /proc/net/unix parsing (LP: #1444518)
- data/apport: temporarily disable container support until it can be
re-written in
** Also affects: apport
Importance: Undecided
Status: New
** Changed in: apport (Ubuntu Vivid)
Status: Confirmed = In Progress
** Changed in: apport (Ubuntu Vivid)
Assignee: (unassigned) = Martin Pitt (pitti)
** Changed in: apport (Ubuntu Vivid)
Importance: Undecided =
Ritesh: Please package the upcoming 2.17.2 instead, which will disable
this feature entirely and thus fix that bug too.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1444518
Title:
Insecure
Fixed (aka disabled) upstream: http://bazaar.launchpad.net/~apport-
hackers/apport/trunk/revision/2948
** Changed in: apport
Status: In Progress = Fix Committed
** Changed in: apport
Assignee: Martin Pitt (pitti) = (unassigned)
--
You received this bug notification because you are
** Branch linked: lp:apport
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1444518
Title:
Insecure /proc/net/unix parsing
To manage notifications about this bug go to:
Fixed upstream in https://launchpad.net/apport/trunk/2.17.2
** Changed in: apport
Status: Fix Committed = Fix Released
** Changed in: apport (Ubuntu Vivid)
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Patch added: Stéphane's proposed patch
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1444518/+attachment/4376296/+files/apport.patch
** Also affects: apport (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: apport (Ubuntu Vivid)
Importance: Undecided
Got a slightly better version of the patch. It does a chdir() to fix a
TOCTOU problem.
** Patch added: apport.diff
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1444518/+attachment/4376308/+files/apport.diff
--
You received this bug notification because you are a member of Ubuntu
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1444518
Title:
Insecure /proc/net/unix parsing
To manage notifications about this bug go to:
Hi Stéphane - Tavis pointed out[1] two additional issues with the patch
in comment #2.
1) The owner of the /proc/PID directory is controllable by executing a
setuid binary. You'll have to check the real UID of the process. That's
doable by parsing /proc/PID/status. The real UID is the first UID
Attaching an updated diff which should be fixing those two concerns.
** Patch added: apport.diff
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1444518/+attachment/4376695/+files/apport.diff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Thanks! It all looks good to me except for the now unneeded 'ppid_stat =
os.stat(.)' line.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1444518
Title:
Insecure /proc/net/unix parsing
To manage
14 matches
Mail list logo