diff options
author | Anthony Ryan <anthonyryan1@gmail.com> | 2018-03-24 13:01:08 -0400 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2018-03-24 23:24:35 -0700 |
commit | 7ff49d49de14856c0ec3f6c828ff2089fcc8425c (patch) | |
tree | 1e386e07d75b7f4f1f1d7c42e60a8f68c37be928 /extstore.c | |
parent | 7f2c52d38c35d7b7a9a408bc706fddbaa3540f36 (diff) | |
download | memcached-7ff49d49de14856c0ec3f6c828ff2089fcc8425c.tar.gz |
Drop supplementary groups in addition to setgid
When launching as root, we drop permissions to run as a specific
user, however the way this is done fails to drop supplementary
groups from the process.
On many systems, the root user is a member of many groups used to
guard important system files. If we neglect to drop these groups
it's still possible for a compromised memcached instance to access
critical system files as though it were running with root level
permissions.
On any given system `grep root /etc/group` will reveal all the
groups root is a member of, and memcached will have access to
any file these groups are authorized for, in spite of our attempts
to drop this access.
It's possible to test if a given memcached instance is affected by
this and running with elevated permissions by checking the respective
line in procfs: `grep Groups /proc/$pid/status`
If any groups are listed, memcached would have access to everything
the listed groups have access to. After this patch no groups will
be listed and memcached will be locked down properly.
Diffstat (limited to 'extstore.c')
0 files changed, 0 insertions, 0 deletions