From: Ludovic Courtès
Subject: bug#47584: Race condition in ‘copy-account-skeletons’: possible privilege escalation.
Date: Tue, 06 Apr 2021 13:57:08 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
Hi Maxime,
Maxime Devos <maximedevos@telenet.be> skribis:
> On Mon, 2021-04-05 at 21:54 +0200, Ludovic Courtès wrote:
>> [...]
>>
>> OK. It does mean that the bug is hardly exploitable in practice: you
>> have to be able to log in at all,
> Yes.
>
>> and if you’re able to log in, you have
>> to log in precisely within the 1s (or less) that follows account
>> creation, which sounds challenging (TCP + SSH connection establishment
>> is likely to take as much time or more,
>
> Is logging in possible when the home directory doesn't exist?
I think so.
> An attacker could copy and paste, or have used a single-character password,
> to save some time.
Hmm yes. It’s a bit far-fetched, though: the attacker would have
passed the sysadmin the output of the ‘crypt’ procedure, such that the
sysadmin cannot know the password length.
>> Does it warrant as strong messaging as for the recent daemon
>> ‘--keep-failed’ vulnerability?
>
> As it is a one-time chance, with a limited window, and only under specific
> circumstances (creating a new user account), I don't think so. But I would
> still recommend upgrading. Does the blog post have ‘too strong messaging’?
The blog post and info-guix messages are the highest levels of
visibility we can give, roughly. So I think we have to think twice
before doing that or truly important issues will eventually go
unnoticed.
The risk with this issue seems much lower than that of the keep-failed
issue, it even looks super low.
WDYT?
Ludo’.