[MPlayer-dev-eng] [PATCH] minor security fix to fibmap_mplayer
D Richard Felker III
dalias at aerifal.cx
Sat Nov 22 01:41:11 CET 2003
On Fri, Nov 21, 2003 at 09:06:45PM +0000, Adam Rice wrote:
> fibmap_mplayer as distributed opens the supplied filename as root. This can be
> used by an attacker to:
>
> a) Open devices in /dev. This can cause kernel modules to load and tapes to
> rewind. In some cases in may be possible for an attacker to crash the system
> by triggering module loading bugs such as race conditions.
>
> b) Test the existance of files the attacker wouldn't normally be able to
> access. This is not a major security hole in itself, but it can be used to
> gather data as part of an attack, and of course it's a privacy violation.
> Example: determine if root has a .bashrc file:
> > fibmap_mplayer /root/.bashrc
>
> The attached patch fixes these problems by dropping root privileges except for
> the FIBMAP ioctl itself. I've also tried to avoid writing any output with root
> privileges, as this has been associated with attacks on special files in /proc
> in the past.
>
> The patch applies cleanly against MPlayer-20031121 and MPlayer-1.0pre2. I've
> only tested it on Linux, I don't know if FIBMAP is even used on other
> systems.
>
> Adam Rice
IMO this should be applied or else fibmap should be removed entirely.
All the debug output is rather silly though. Silently exiting on
failure should work just as well -- failure shouldn't happen, and if
it does, the only reason you bail out is for security.
Rich
More information about the MPlayer-dev-eng
mailing list