A CVE has been announced for a security issue fixed in util-linux 2.29.2: http://openwall.com/lists/oss-security/2017/02/23/2 Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated util-linux packages fix security vulnerability: With the su command from util-linux before 2.29.2, it is possible for any local user to send SIGKILL to other processes with root privileges. To exploit this, the user must be able to perform su with a successful login. SIGKILL can only be sent to processes which were executed after the su process. It is not possible to send SIGKILL to processes which were already running (CVE-2017-2616). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616 http://openwall.com/lists/oss-security/2017/02/23/2 ======================== Updated packages in core/updates_testing: ======================== util-linux-2.25.2-3.5.mga5 libblkid1-2.25.2-3.5.mga5 libblkid-devel-2.25.2-3.5.mga5 libuuid1-2.25.2-3.5.mga5 libuuid-devel-2.25.2-3.5.mga5 uuidd-2.25.2-3.5.mga5 python-libmount-2.25.2-3.5.mga5 libmount1-2.25.2-3.5.mga5 libmount-devel-2.25.2-3.5.mga5 libsmartcols1-2.25.2-3.5.mga5 libsmartcols-devel-2.25.2-3.5.mga5 from util-linux-2.25.2-3.5.mga5.src.rpm
x86_64 real hardware Not sure how to interpret this. 1) Started MCC from a panel icon and checked the pids: $ ps aux | grep drakconf lcl 13716 0.0 0.1 80552 10876 ? S 14:51 0:00 /usr/bin/perl /usr/bin/drakconf root 13721 0.3 1.2 2792956 103684 ? Sl 14:51 0:00 /usr/bin/perl /usr/libexec/drakconf $ su ..... $ strace kill -s SIGKILL 13721 This certainly killed MCC, started before root login. The trace showed: kill(13721, SIGKILL) = 0 Installed these: util-linux-2.25.2-3.5.mga5 lib64blkid1-2.25.2-3.5.mga5 lib64blkid-devel-2.25.2-3.5.mga5 lib64uuid1-2.25.2-3.5.mga5 lib64uuid-devel-2.25.2-3.5.mga5 uuidd-2.25.2-3.5.mga5 python-libmount-2.25.2-3.5.mga5 lib64mount1-2.25.2-3.5.mga5 lib64mount-devel-2.25.2-3.5.mga5 lib64smartcols1-2.25.2-3.5.mga5 libsmartcols-devel-2.25.2-3.5.mga5 2) Carried out the same procedure, with the same result. It made no difference whether the privileged process was started before or after the su login. Either I have entirely missed the point of this update or it requires a different approach.
CC: (none) => tarazed25
I can't recreate the bug either. konsole 1 su - htop konsole 2 su -c 'strace htop' konsole 3 su -c 'kill $pid-of-strace' Results in strace stopping, and htop continuing, as I would expect, both before and after installing the update. I may also be misunderstanding how the bug can be replicated, or what the bug is. The fact that it's described as a race condition, indicates to me that it may only work "if you're lucky". I don't see how we can test this one. As such, the update will be accepted as long as util-linux passes basic tests for functionality (and hope that the fix does work). Since it seems to be so hard to replicate, and given the number of commands included in util-linux, let's give this one a day or so of normal usage to see if any problems are noticed.
CC: (none) => davidwhodgins
CC: (none) => lewyssmithWhiteboard: (none) => advisory
Trying M5 64-bit I tried the described fault before the update, and the targeted root process (started after 'su') was always killed. Updated to: lib64blkid1-2.25.2-3.5.mga5 lib64mount1-2.25.2-3.5.mga5 lib64smartcols1-2.25.2-3.5.mga5 lib64uuid1-2.25.2-3.5.mga5 util-linux-2.25.2-3.5.mga5 and tried more thoroughly: From a *terminal*, $ su Password: # From a *console* logged in as root, # top [hence it keeps running] From the terminal: # ps -aux | grep top root 11285 0.5 0.0 20376 2956 tty2 S+ 21:15 0:00 top # kill -s SIGKILL 11285 and console 'top' process was killed. So like my predecessors, this update is enigmatic. I agree with from Comment 2 "given the number of commands included in util-linux, let's give this one a day or so of normal usage to see if any problems are noticed".
MGA5-32 on Asus A6000VM Xfce No installation issues. No immediate ill effects, so I'll wait and see as suggested above.
CC: (none) => herman.viaene
Validating the update.
Keywords: (none) => validated_updateWhiteboard: advisory => advisory MGA5-64-OK MGA5-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0072.html
Status: NEW => RESOLVEDResolution: (none) => FIXED