core icon indicating copy to clipboard operation
core copied to clipboard

Published 20 hours ago verified publisher icon coreemu

Security hole: CORE gives root access to ordinary users

Open eribertomota opened this issue 10 years ago • 6 comments

Hi,

I am the Debian maintainer of CORE. Recently, a bug opened[1] in Debian told us about a privilege escalation via core-gui.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799756

This issue will cause the CORE removal from Debian in some days[2].

[2] https://udd.debian.org/cgi-bin/autoremovals.cgi

To break the removal, I need upload a fix. It can be a patch or a new version. So, I would like to ask: is there a solution for this issue?

Thanks a lot in advance.

Regards,

Eriberto

eribertomota avatar Oct 10 '15 23:10 eribertomota

This has been raised in the mailing list here and is being discussed.

I am not sure there is any easy way around this but I am not one of the developers just a small contributor. Hopefully a way can be found to keep it in.

stuartmarsden avatar Oct 11 '15 21:10 stuartmarsden

Thanks for your reply Stuart.

I will wait for a decision. No matter what the circunstances, if no solution for Debian and if you want, I can join to the team to provide .deb packages. However, I hope that the developers find a solution for this relevant project still integrating Debian.

Regards,

Eriberto

2015-10-11 18:55 GMT-03:00 stuartmarsden [email protected]:

This has been raised in the mailing list here http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-October/001871.html and is being discussed.

I am not sure there is any easy way around this but I am not one of the developers just a small contributor. Hopefully a way can be found to keep it in.

— Reply to this email directly or view it on GitHub https://github.com/coreemu/core/issues/75#issuecomment-147249563.

eribertomota avatar Oct 11 '15 22:10 eribertomota

The GUI loophole is a byproduct of using vcmd, which provides root access within nodes. If vcmd was locked down to only be ran by sudo, would that solve this problem?

bharnden avatar Jun 05 '19 20:06 bharnden

Em qua, 5 de jun de 2019 às 17:59, bharnden [email protected] escreveu:

The GUI loophole is a byproduct of using vcmd, which provides root access within nodes. If vcmd was locked down to only be ran by sudo, would that solve this problem?

Hi @bharnden,

Thanks for your help. No, it don't solve the issue because a student will can access the main system in a university.

Regards,

Eriberto

eribertomota avatar Jun 30 '19 10:06 eribertomota

You realise that OpenVPN has exactly the same issue ..

TinCanTech avatar Sep 29 '21 01:09 TinCanTech

Has any work or investigation for this been done since the issue was created? I tried a couple links to email threads while trying to understand the history or if there were short-term patches that could be applied, but a good chunk of the links don't appear to be working after 7 years.

On a side note, this is a serious enough security problem that CORE maintainers may want to recharacterize this as a bug rather than an enhancement.

asteindev avatar May 11 '22 16:05 asteindev