Re: [chrony-dev] Drop cmdmon authentication?

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


On Mon, Apr 27, 2015 at 11:10:40AM +0200, Miroslav Lichvar wrote:
> On Sat, Apr 25, 2015 at 07:26:53AM -0700, Bill Unruh wrote:
> > Of course, there is also the issue of unpriviledged people being given
> > permission to control and administer chrony. While sudo is a possibility, it
> > potentially does open up a local attack vector in which chronyc could be used
> > for priviledge escallation.
> 
> That is a good point. If we force the users to ssh+sudo, we should
> make sure the command parsing is good enough to not allow arbitrary
> code execution via crafted commands. The cmdmon code has been reviewed
> couple times already now, but I'm not sure if there was any thorough
> review of the chronyc code.

Just a follow up, I've been running chronyc in the afl fuzzer for
the past three weeks. It has found two assertion failures, there were
no real crashes or hangs so far. One assert is hit in the code that
converts floating point values to cmdmon format with not-a-number
(e.g. maxupdateskew nan). The other is in the allow/deny parsing when
there is no address before slash (e.g. allow /16).

-- 
Miroslav Lichvar

-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/