lechatp / rootasrole
A memory-safe and security-oriented alternative to sudo/su commands
Home Page: https://lechatp.github.io/RootAsRole/
License: GNU General Public License v3.0
Authentication of lechatp...
Password:
XPath error : Invalid predicate
//role[users/user[@name="lechatp"]/commands/command/text()='bin/capable -c 'echo bobo'' or count(users/user[@name="lechatp" and count(commands)=0])>0]
^
XPath error : Invalid expression
//role[users/user[@name="lechatp"]/commands/command/text()='bin/capable -c 'echo bobo'' or count(users/user[@name="lechatp" and count(commands)=0])>0]
^
XPath error : Invalid predicate
XPath error : Invalid expression
Command is not found in configuration or not allowed: Success
ansi_term is Unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | ansi_term |
| Version | 0.12.1 |
| URL | ogham/rust-ansi-term#72 |
| Date | 2021-08-18 |
The maintainer has advised that this crate is deprecated and will not receive any maintenance.
The crate does not seem to have much dependencies and may or may not be ok to use as-is.
Last release seems to have been three years ago.
The below list has not been vetted in any way and may or may not contain alternatives;
See advisory page for additional details.
Potential segfault in the time crate
| Details | |
|---|---|
| Package | time |
| Version | 0.1.45 |
| URL | time-rs/time#293 |
| Date | 2020-11-18 |
| Patched versions | >=0.2.23 |
| Unaffected versions | =0.2.0,=0.2.1,=0.2.2,=0.2.3,=0.2.4,=0.2.5,=0.2.6 |
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.
The affected functions from time 0.2.7 through 0.2.22 are:
time::UtcOffset::local_offset_at
time::UtcOffset::try_local_offset_at
time::UtcOffset::current_local_offset
time::UtcOffset::try_current_local_offset
time::OffsetDateTime::now_local
time::OffsetDateTime::try_now_local
The affected functions in time 0.1 (all versions) are:
at
at_utc
now
Non-Unix targets (including Windows and wasm) are unaffected.
Pending a proper fix, the internal method that determines the local offset has been modified to always return None on the affected operating systems. This has the effect of returning an Err on the try_* methods and UTC on the non-try_* methods.
Users and library authors with time in their dependency tree should perform cargo update, which will pull in the updated, unaffected code.
Users of time 0.1 do not have a patch and should upgrade to an unaffected version: time 0.2.23 or greater or the 0.3 series.
A possible workaround for crates affected through the transitive dependency in chrono, is to avoid using the default oldtime feature dependency of the chrono crate by disabling its default-features and manually specifying the required features instead.
Cargo.toml:
chrono = { version = "0.4", default-features = false, features = ["serde"] }
chrono = { version = "0.4.22", default-features = false, features = ["clock"] }
Commandline:
cargo add chrono --no-default-features -F clock
Sources:
See advisory page for additional details.
Any GUI program won't work (firefox, gedit etc.)
Any program that uses an environment variable will work (example: gcc)
Hello, When trying to compile the ebpf folder I got a lot of union def error on Ubuntu 16.04.6 LTS. Any idea on what could cause this?
Best, Thomas F.
tflayols@obamisan:ebpf$ make
make: stat: obj/bpf.o : Permission non accordée
gcc -O2 -Wall -pedantic -I ./ -g -o obj/bpf.o -c src/bpf.c
In file included from src/bpf.c:22:0:
src/bpf.h:46:58: warning: ISO C forbids forward references to ‘enum’ types [-Wpedantic]
int bpf_prog_attach(int prog_fd, int attachable_fd, enum bpf_attach_type type,
^
src/bpf.h:47:7: warning: ‘enum bpf_attach_type’ declared inside parameter list
unsigned int flags);
^
src/bpf.h:47:7: warning: its scope is only this definition or declaration, which is probably not what you want
src/bpf.h:48:45: warning: ISO C forbids forward references to ‘enum’ types [-Wpedantic]
int bpf_prog_detach(int attachable_fd, enum bpf_attach_type type);
^
src/bpf.h:48:45: warning: ‘enum bpf_attach_type’ declared inside parameter list
src/bpf.c: In function ‘bpf_create_map’:
src/bpf.c:62:6: error: ‘union bpf_attr’ has no member named ‘map_flags’
attr.map_flags = map_flags;
^
src/bpf.c: At top level:
src/bpf.c:165:54: warning: ISO C forbids forward references to ‘enum’ types [-Wpedantic]
int bpf_prog_attach(int prog_fd, int target_fd, enum bpf_attach_type type,
^
src/bpf.c:166:7: warning: ‘enum bpf_attach_type’ declared inside parameter list
unsigned int flags)
^
src/bpf.c:165:70: error: parameter 3 (‘type’) has incomplete type
int bpf_prog_attach(int prog_fd, int target_fd, enum bpf_attach_type type,
^
src/bpf.c: In function ‘bpf_prog_attach’:
src/bpf.c:171:6: error: ‘union bpf_attr’ has no member named ‘target_fd’
attr.target_fd = target_fd;
^
src/bpf.c:172:6: error: ‘union bpf_attr’ has no member named ‘attach_bpf_fd’
attr.attach_bpf_fd = prog_fd;
^
src/bpf.c:173:6: error: ‘union bpf_attr’ has no member named ‘attach_type’
attr.attach_type = type;
^
src/bpf.c:174:6: error: ‘union bpf_attr’ has no member named ‘attach_flags’
attr.attach_flags = flags;
^
src/bpf.c:176:17: error: ‘BPF_PROG_ATTACH’ undeclared (first use in this function)
return sys_bpf(BPF_PROG_ATTACH, &attr, sizeof(attr));
^
src/bpf.c:176:17: note: each undeclared identifier is reported only once for each function it appears in
src/bpf.c: At top level:
src/bpf.c:179:41: warning: ISO C forbids forward references to ‘enum’ types [-Wpedantic]
int bpf_prog_detach(int target_fd, enum bpf_attach_type type)
^
src/bpf.c:179:41: warning: ‘enum bpf_attach_type’ declared inside parameter list
src/bpf.c:179:57: error: parameter 2 (‘type’) has incomplete type
int bpf_prog_detach(int target_fd, enum bpf_attach_type type)
^
src/bpf.c: In function ‘bpf_prog_detach’:
src/bpf.c:184:6: error: ‘union bpf_attr’ has no member named ‘target_fd’
attr.target_fd = target_fd;
^
src/bpf.c:185:6: error: ‘union bpf_attr’ has no member named ‘attach_type’
attr.attach_type = type;
^
src/bpf.c:187:17: error: ‘BPF_PROG_DETACH’ undeclared (first use in this function)
return sys_bpf(BPF_PROG_DETACH, &attr, sizeof(attr));
^
src/bpf.c: In function ‘bpf_prog_attach’:
src/bpf.c:177:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
src/bpf.c: In function ‘bpf_prog_detach’:
src/bpf.c:188:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
Makefile:61 : la recette pour la cible « obj/bpf.o » a échouée
make: *** [obj/bpf.o] Erreur 1
When creating a role with insufficient parameters (no users/groups), the role created is incorrect.
addrole test cap_dac_override -c ls
<role name="test">
<capabilities>
<capability>cap_sys_admin</capability>
</capabilities>
<commands>
<command>ls</command>
</commands>
</role>
An error. Respecting the DTD, a role must have an actor to have a command.
Describe the bug
Saving created Roles via chsr is not working.
Error Message:
unable to retrieve allow-root
tried it with several users (root, personal account)
Desktop (please complete the following information):
Issue
I tried RootAsRole on an RHEL 8 Host.
The tool capable only gives empty output:
Here's all capabilities intercepted for this program :
WARNING: These capabilities aren't mandatory, but can change the behavior of tested program.
WARNING: CAP_SYS_ADMIN is rarely needed and can be very dangerous to grant
I think it does not work with the RHEL kernel ?
To Reproduce
execute the command on rhel, example capable yum update -y.
Desktop (please complete the following information):
on Ubuntu 16.04 HP portable desktop :
jacksparrow@ubuntu $ sr -c "echo bobo"
Authentication of jacksparrow...
Password:
*** Error in `sr': malloc(): memory corruption: 0x0000000000c69c40 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fd3bcf4f7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8213e)[0x7fd3bcf5a13e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7fd3bcf5c184]
/usr/lib/x86_64-linux-gnu/libxml2.so.2(xmlXPathNewContext+0x17)[0x7fd3bd35afa7]
sr[0x403d81]
sr[0x40419c]
sr[0x402f09]
sr[0x405bf5]
sr[0x405477]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fd3bcef8830]
sr[0x401eb9]
======= Memory map: ========
Aborted (core dumped)
Multiple soundness issues in owning_ref
| Details | |
|---|---|
| Package | owning_ref |
| Version | 0.4.1 |
| URL | https://github.com/noamtashma/owning-ref-unsoundness |
| Date | 2022-01-26 |
OwningRef::map_with_owner is unsound and may result in a use-after-free.
OwningRef::map is unsound and may result in a use-after-free.
OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free.
noalias attribute.
No patched versions are available at this time. While a pull request with some fixes is outstanding, the maintainer appears to be unresponsive.
See advisory page for additional details.
there seems to be 2 identical tests, is this supposed to be?
Out-of-bounds write in nix::unistd::getgrouplist
| Details | |
|---|---|
| Package | nix |
| Version | 0.20.0 |
| URL | nix-rust/nix#1541 |
| Date | 2021-09-27 |
| Patched versions | ^0.20.2,^0.21.2,^0.22.2,>=0.23.0 |
| Unaffected versions | <0.16.0 |
On certain platforms, if a user has more than 16 groups, the nix::unistd::getgrouplist function will call the libc getgrouplist function with a length parameter greater than the size of the buffer it provides, resulting in an out-of-bounds write and memory corruption.
The libc getgrouplist function takes an in/out parameter ngroups specifying the size of the group buffer. When the buffer is too small to hold all of the requested user's group memberships, some libc implementations, including glibc and Solaris libc, will modify ngroups to indicate the actual number of groups for the user, in addition to returning an error. The version of nix::unistd::getgrouplist in nix 0.16.0 and up will resize the buffer to twice its size, but will not read or modify the ngroups variable. Thus, if the user has more than twice as many groups as the initial buffer size of 8, the next call to getgrouplist will then write past the end of the buffer.
The issue would require editing /etc/groups to exploit, which is usually only editable by the root user.
See advisory page for additional details.
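The sizing rule this advisory turns on, as an added example in C (not code from nix, RootAsRole or the advisory): a caller of libc getgrouplist that resets the in/out count to the real buffer capacity before every call and grows the buffer to the size libc reports. The names grouplist_fn, fake_getgrouplist and fetch_groups are hypothetical, and the 20-group stand-in is constructed so the retry path runs the same way on any machine.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes getgrouplist() in <grp.h> */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Signature of libc getgrouplist(3); passed as a parameter so the sizing
 * logic can be exercised against a stand-in with a known group count. */
typedef int (*grouplist_fn)(const char *, gid_t, gid_t *, int *);

/* Constructed stand-in with the glibc behaviour the advisory describes:
 * the user has 20 groups; if the buffer is too small it fills what fits,
 * stores the required count in *ngroups and returns -1. */
static int fake_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *ngroups)
{
    const int total = 20;
    int cap = *ngroups;
    (void)user;
    for (int i = 0; i < total && i < cap; i++)
        groups[i] = gid + (gid_t)i;
    *ngroups = total;
    return cap >= total ? total : -1;
}

/* Returns the group count and stores a malloc'd list in *out, or -1.
 * Invariant: the count handed to libc in *ngroups never exceeds the
 * number of gid_t slots actually allocated in buf. */
int fetch_groups(grouplist_fn fn, const char *user, gid_t gid, gid_t **out)
{
    int cap = 8;                      /* same initial size as in the advisory */
    gid_t *buf = NULL;
    for (int attempt = 0; attempt < 8; attempt++) {
        gid_t *tmp = realloc(buf, (size_t)cap * sizeof *tmp);
        if (tmp == NULL)
            break;
        buf = tmp;
        int ngroups = cap;            /* reset to the real capacity every call */
        if (fn(user, gid, buf, &ngroups) >= 0) {
            *out = buf;
            return ngroups;
        }
        /* Grow to what libc asked for; double if it gave no larger hint. */
        cap = ngroups > cap ? ngroups : cap * 2;
    }
    free(buf);
    *out = NULL;
    return -1;
}

int main(void)
{
    gid_t *groups = NULL;
    int n = fetch_groups(fake_getgrouplist, "constructed-user", 1000, &groups);
    printf("stand-in: %d groups\n", n);
    free(groups);
    n = fetch_groups(getgrouplist, "root", 0, &groups);
    printf("libc, user root: %d groups\n", n);
    free(groups);
    return 0;
}
```
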
Is your feature request related to a problem? Please describe.
Config file could be manually problematic.
Describe the solution you'd like
A JSON5 file configuration. and being schema validated through
Describe alternatives you've considered
YAML and JSON do not really solve the usability issue, so JSON5 may be a good answer. KDL is promising but maybe less compatible than JSON5.
Additional context
This is following many conversations in reddit and on linuxFR.
Describe the solution you'd like
Create release binaries for Linux common distros
Describe alternatives you've considered
It needs more security audit before.