
#1 2022-12-03 03:15:10

palmighty
Member
Registered: 2021-04-06
Posts: 14

Socket Listeners

I tried picking the best place for this question and this seemed to be it. Not strictly Arch-specific though.

I ran the linpeas script on my system, out of curiosity and for maintenance, to check for possible PE exploits from my guest accounts. I understood most of what it reported back to me and fixed a couple of permission mistakes. But it also reported alerts on several 'writable listeners'. These were from legit core packages like systemd or nvidia.

For example the sockets it referenced as Writable were /run/libvirt/libvirt-sock and /run/nvidia-xdriver-1e20223d and a couple of others (jackctl, pcscd,...).

My question is why is a writable socket that these packages create considered a vulnerability? Should I do something about these? Aren't the sockets supposed to be writable (even by different users) to allow for process communication?


#2 2022-12-03 03:31:42

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,514

Re: Socket Listeners

palmighty wrote:

My question is why is a writable socket that these packages create considered a vulnerability?

Answer 1) you should probably ask the author of the script you ran.
Answer 2) they shouldn't be.

palmighty wrote:

Should I do something about these?

You mean other than question the script you ran that flagged them?  Then no.

palmighty wrote:

Aren't the sockets supposed to be writable (even by different users) to allow for process communication?

Yup.  Doesn't this question answer your own first question?

Last edited by Trilby (2022-12-03 03:32:01)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#3 2022-12-03 13:53:43

palmighty
Member
Registered: 2021-04-06
Posts: 14

Re: Socket Listeners

Yeah, seemed weird so I asked just in case I'm missing something about sockets. I read some more about the script and I got it now.

In case anyone else is wondering, the PE pentest script considers it a potential vulnerability solely if the privileged process is so badly written that it would directly execute (e.g. os.system()) the stream from the socket, or at least make it possible to inject a command.

For the usual well-known processes and carefully written software this is very unlikely to be an issue, but they warn about it just in case.

Last edited by palmighty (2022-12-03 13:53:55)
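
The case described in post #3, as an added example that is not part of the original thread and not code from linpeas or any package named above: a service that passes socket data to a shell, next to a handler that checks the peer's uid with Linux `SO_PEERCRED` and maps requests onto a fixed table. The `ACTIONS` table, the handler names and the `allowed_uids` parameter are hypothetical, and the demo uses a constructed socket pair.

```python
import os
import socket
import struct
import subprocess

# Hypothetical action table: a client selects a key, it never supplies a command line.
ACTIONS = {b"whoami": ["id", "-u"], b"uptime": ["uptime"]}


def peer_uid(conn):
    """Effective uid of the connecting process, as recorded by the kernel (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid


def handle_unsafe(conn):
    """The pattern the script worries about: socket bytes reach a shell unchanged."""
    request = conn.recv(64).decode()
    return subprocess.run(request, shell=True, capture_output=True).stdout


def handle_safe(conn, allowed_uids):
    """Same service, but the socket's file mode is no longer the only gate."""
    if peer_uid(conn) not in allowed_uids:       # who is asking?
        return b"ERR denied\n"
    argv = ACTIONS.get(conn.recv(64).strip())    # what may be asked?
    if argv is None:
        return b"ERR unknown action\n"
    return subprocess.run(argv, capture_output=True).stdout  # argv list, no shell


if __name__ == "__main__":
    # Constructed demo: a connected AF_UNIX pair stands in for daemon and client.
    daemon_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    me = os.geteuid()
    for msg in (b"whoami\n", b"whoami; id\n"):
        client_end.sendall(msg)
        print(msg, "->", handle_safe(daemon_end, {me}))
```

A socket that any user can write to is only a transport; what matters when reviewing such a finding is whether the listening process authenticates the peer and constrains what a request can trigger.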
