Bugs item #3603899, was opened at 2013-02-08 18:29
Message generated for change (Comment added) made by danielel
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=611248&aid=3603899&group_id=95403

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: Yes
Submitted By: https://www.google.com/accounts ()
>Assigned to: renzo davoli (rd235)
Summary: unsafe use of dlopen(3)

Initial Comment:
Hello, while performing an audit of vde2 
(https://bugs.launchpad.net/ubuntu/+source/vde2/+bug/776818) I found a bug; it 
may even be a security bug. If you decide this is a security issue, please 
contact the linux-distros security list to coordinate a release and request a 
CVE number. (See http://oss-security.openwall.org/wiki/mailing-lists/distros 
for details on using the linux-distros list. Note especially that [vs] is 
required in the Subject: header.)

                TRY_DLOPEN("%s%s", modname, MODULES_EXT);
                TRY_DLOPEN("%s%s/%s", homedir, USER_PLUGINS_DIR, modname);
                TRY_DLOPEN("%s%s/%s%s", homedir, USER_PLUGINS_DIR, modname, 
MODULES_EXT);
                TRY_DLOPEN("%s%s", PLUGINS_DIR, modname);
                TRY_DLOPEN("%s/%s%s", PLUGINS_DIR, modname, MODULES_EXT);

It is generally considered poor form to load executable content from the 
current working directory (as this code does if getenv("HOME") fails), and 
loading code from a home directory seems suspect to me. However, I do not know 
the design well enough to make this determination myself.

Please consider if this is unsafe or intentional. If it is intentional, make 
sure that the documentation accurately reflects the risk of allowing executable 
content to exist in current working directories or home directories.

----------------------------------------------------------------------

>Comment By: Daniele Lacamera (danielel)
Date: 2013-03-07 12:28

Message:
fixed in r555

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=611248&aid=3603899&group_id=95403

------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to 
tackle endpoint security challenges, access the full report. 
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
vde-users mailing list
vde-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vde-users

Reply via email to