Received: (qmail 98026 invoked by alias); 2 Feb 2020 05:09:33 -0000
Received: (qmail 93661 invoked by uid 48); 2 Feb 2020 05:09:29 -0000
From: "noloader at gmail dot com"
To: bzip2-devel@sourceware.org
Subject: [Bug bzip2/25492] New: bzip2.c: ignoring return value of ‘fchown’
Date: Wed, 01 Jan 2020 00:00:00 -0000
X-SW-Source: 2020-q1/txt/msg00002.txt

https://sourceware.org/bugzilla/show_bug.cgi?id=25492

            Bug ID: 25492
           Summary: bzip2.c: ignoring return value of ‘fchown’
           Product: bzip2
           Version: unspecified
            Status: UNCONFIRMED
          Severity: minor
          Priority: P2
         Component: bzip2
          Assignee: nobody at sourceware dot org
          Reporter: noloader at gmail dot com
                CC: bzip2-devel at sourceware dot org
  Target Milestone: ---

This warning makes me feel uneasy. I believe a similar issue in a different
function was exploited on Android to gain root privileges. I don't have a
specific exploit in mind. It might be a good idea to audit the use of the
function and ensure it is safe with and without root privileges.

gcc -fpic -fPIC -Wall -D_FILE_OFFSET_BITS=64 -g2 -O2 -march=native -fPIC
-pthread -I. -L/usr/local/lib -Wl,-R,'$ORIGIN/../lib' -Wl,-R,/usr/local/lib
-Wl,--enable-new-dtags -o bzip2-shared bzip2.c libbz2.1.0.8.so
bzip2.c: In function ‘applySavedFileAttrToOutputFile’:
bzip2.c:1073:4: warning: ignoring return value of ‘fchown’, declared with
attribute warn_unused_result [-Wunused-result]
    (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the Android exploit, the return value of setuid() was not checked when root
attempted to drop privileges. Also see Android's Rage Against the Cage,
https://thesnkchrmr.wordpress.com/2011/03/24/rageagainstthecage/.
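
One way to make the audited call safe both with and without root, as an added example that is not code from bzip2 or from the reporter. The names `restore_attrs` and `demo_is_safe` are hypothetical, and dropping setuid/setgid when the owner cannot be restored is this example's own policy choice.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not bzip2's code): copy owner and mode from `saved`
 * onto the open output file `fd`. Returns:
 *   0  owner and mode restored
 *   1  fchown refused with EPERM (usual non-root case); mode applied minus setuid/setgid
 *  -1  any other failure, errno set by the failing call */
int restore_attrs(int fd, const struct stat *saved)
{
    mode_t mode = saved->st_mode & 07777;
    int degraded = 0;

    /* Owner first: a successful chown may clear setuid/setgid in the
     * kernel, so the final mode has to be written afterwards. */
    if (fchown(fd, saved->st_uid, saved->st_gid) != 0) {
        if (errno != EPERM)
            return -1;
        /* The file stays owned by the caller, so a setuid/setgid bit
         * copied from another user's file must not be applied to it. */
        mode &= ~(mode_t)(S_ISUID | S_ISGID);
        degraded = 1;
    }
    if (fchmod(fd, mode) != 0)
        return -1;
    return degraded;
}

/* Constructed self-check: pretend the input file was root-owned with mode
 * 04755, restore onto a temp file, and report whether the outcome is safe. */
int demo_is_safe(void)
{
    char path[] = "/tmp/attrdemoXXXXXX";
    struct stat want, now;
    int fd = mkstemp(path), rc, safe;

    if (fd < 0) return -1;
    if (fstat(fd, &want) != 0) { close(fd); unlink(path); return -1; }
    want.st_uid = 0;          /* constructed "saved" owner */
    want.st_mode = 04755;     /* constructed "saved" mode  */
    rc = restore_attrs(fd, &want);
    safe = fstat(fd, &now) == 0 && ((rc == 0 && now.st_uid == 0) ||
           (rc == 1 && (now.st_mode & (S_ISUID | S_ISGID)) == 0));
    close(fd); unlink(path);
    return safe;
}
```

The return value lets the caller decide whether a degraded restore (result 1) deserves a warning to the user, which the `(void)` cast in the quoted line rules out.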