[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

To: Valdis Kletnieks <Valdis.Kletnieks@xxxxxx>
Subject: Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
From: Ramon de C Valle <rcvalle@xxxxxxxxxx>
Date: Mon, 12 Dec 2011 19:19:20 -0500 (EST)

> If you're trying to do it with SELinux policy, that would require
> opening the
> locale file before the chroot, then changing the selinux context to
> something
> that can't open locale_t and then doing the chroot.  Unfortunately,
> that's fast
> approaching "cure is worse than the disease", because it means the
> initial
> context has to have the ability to change its context (in the
> standard selinux
> policy, that's restricted to only 2 or 3 binaries like 'newrole').
Actually, this is has no relation with binaries. Transitions are defined per 
domain in SELinux policy. For additional information, refer to:
http://danwalsh.livejournal.com/23944.html

> 
> We're lucky nobody has looked into what should happen on an
> MLS-enabled system :)
I don't think sensitivity levels would make any difference in this case in the 
current SELinux MLS policy.


-- 
Ramon de C Valle / Red Hat Security Response Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
  - From: Valdis . Kletnieks

References:
- Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
  - From: Valdis . Kletnieks

Prev by Date: [Full-disclosure] New awstats.pl vulnerability?
Next by Date: Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
Previous by thread: Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
Next by thread: Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
Index(es):
- Date
- Thread