RHSA-2011:0414-01 -- Redhat policycoreutils and selinux-policyID: oval:org.secpod.oval:def:500230 | Date: (C)2012-01-31 (M)2023-02-20 |
Class: PATCH | Family: unix |
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux system and its policies. It was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory mounted as /tmp/. A local user could use this flaw to overwrite files or, possibly, execute arbitrary code with the privileges of a setuid or setgid application that relies on proper /tmp/ permissions, by running that application via seunshare. Red Hat would like to thank Tavis Ormandy for reporting this issue. This update also introduces the following changes: * The seunshare utility was moved from the main policycoreutils subpackage to the policycoreutils-sandbox subpackage. This utility is only required by the sandbox feature and does not need to be installed by default. * Updated selinux-policy packages that add the SELinux policy changes required by the seunshare fixes. All policycoreutils users should upgrade to these updated packages, which correct this issue.
Platform: |
Red Hat Enterprise Linux 6 |
Product: |
policycoreutils |
selinux-policy |