CVE-2021-3982: Reevaluate usage of CAP_SYS_NICE (conflicts with AT_SECURE checks) (#2284) · Issues · GNOME / gnome-shell · GitLab
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker with low privileges may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code that increases its process scheduler priority, leading to a possible DoS of other services running on the same machine.
If a binary program has set one or more capabilities, new_for_uri() returns a g_dummy_file() instead of a g_daemon_file(). It happens, at least, for “http://” URIs and the “trash:///” URI.
Also, in the same case, using set_attributes_from_info() fails to set a metadata:: attribute in a file.
I attach example code that tests these three cases. Compile it with valac --pkg glib-2.0 --pkg gio-2.0 test_gvfs.vala and run it. It should work fine.
Now set a capability on the binary with sudo setcap cap_sys_nice+ep test_gvfs; running it again should fail.
Now remove the capabilities on the binary with sudo setcap -r test_gvfs; it should work again.
test_gvfs.vala
Edited Feb 28, 2020 by
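
An added diagnostic, not part of the issue or of GNOME's code: assuming, as the issue title indicates, that the fallback follows from the kernel's AT_SECURE flag, this C program reports that flag together with whether CAP_SYS_NICE is in the process's effective set. The function names are chosen for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

#define CAP_SYS_NICE_BIT 23 /* value of CAP_SYS_NICE in <linux/capability.h> */

/* Nonzero when the kernel started this process in secure-execution mode
 * (set-uid/set-gid binary, or a binary that gained file capabilities). */
int in_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Extract the hex CapEff mask from /proc/<pid>/status text; 0 on success. */
int parse_cap_eff(const char *status, unsigned long long *mask)
{
    const char *p = status;
    /* Accept "CapEff:" only at the start of a line. */
    while ((p = strstr(p, "CapEff:")) != NULL && p != status && p[-1] != '\n')
        p++;
    if (p == NULL)
        return -1;
    p += strlen("CapEff:");
    while (*p == ' ' || *p == '\t')
        p++;
    if (!isxdigit((unsigned char)*p)) /* empty value: do not read the next line */
        return -1;
    *mask = strtoull(p, NULL, 16);
    return 0;
}

int has_cap(unsigned long long mask, int cap)
{
    return (int)((mask >> cap) & 1ULL);
}

int main(void)
{
    char buf[4096];
    unsigned long long eff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    if (parse_cap_eff(buf, &eff) != 0) { fprintf(stderr, "no CapEff line\n"); return 1; }
    printf("AT_SECURE=%d CapEff=%016llx cap_sys_nice=%d\n",
           in_secure_exec(), eff, has_cap(eff, CAP_SYS_NICE_BIT));
    return 0;
}
```

Run as an unprivileged user before and after the setcap cap_sys_nice+ep step from the report, applied to this binary, it shows AT_SECURE and the cap_sys_nice bit changing together.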