su to radiusd user/group when rotating logs #2666
This attack avenue seems quite unlikely to me. The other alternative is making the
@ret2libc "we are aware of a way to exploit this"
Uh... any thought that you might tell us about this? The email address
Is it common RedHat security practice to file for a CVE, and then never tell the authors about it?
On top of that, I'm skeptical of "security" issues which require already privileged access. If the "attacker" has access to the radiusd user, then he can run the RADIUS server, and authenticate anyone he wants. That's a huge security problem, too.
So maybe you need to issue another CVE saying "someone running as radiusd can run the RADIUS server"!
I'm more than a bit surprised at this process. It's utterly bizarre to not inform the authors of an issue, and file for a CVE without giving the authors any prior notification.
We will be issuing a PGP signed vendor statement about this process, along with our opinion of the validity of the CVE.
Do you have any feedback which mitigates the disastrous process you've used here?
Sorry for not using your security email first, but the issue was already public
For "a way to exploit this", you can see the reproducer in the first comment of
As you said, the flaw has limited impact, since it requires the attacker to
We do have very careful security response processes in place, but I agree in