[Beowulf] Heads up - Stack-Clash local root vulnerability

Christopher Samuel samuel at unimelb.edu.au
Wed Jun 21 17:09:03 PDT 2017


On 22/06/17 06:54, mathog wrote:

> Most end user code would not need to be recompiled, since it does not
> run with privileges.

Ah, that's a very interesting point, the advisory doesn't explicitly
mention it but of course all the CVE's for applications (Exim, sudo, su,
at, etc) relate to to setuid binaries, plus this one:

- a local-root exploit against ld.so and most SUID-root binaries
  (CVE-2017-1000366, CVE-2017-1000379) on amd64 Debian, Ubuntu, Fedora,
  CentOS;

So yes, you are quite right, this (currently) doesn't seem like
something you need to worry about with users own codes being copied onto
the system or containers utilised through Shifter and Singularity which
exist to disarm Docker containers.

Phew, thanks so much for pointing that out! :-)

All the best,
Chris
-- 
 Christopher Samuel        Senior Systems Administrator
 Melbourne Bioinformatics - The University of Melbourne
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545



More information about the Beowulf mailing list