Stealing from the Debian-bugtracker: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597382 "" mingetty doesn't change current directory after chroot() call. It allows an attacker to call chdir("../") many times and get root directory. Also chdir(), chroot() and nice() are not checked for error return values. It allows an attacker to avoid local policy restriction in some cases. "" A quick peek into the source-code for the two stable ebuilds in the portage tree confirms that they are also affected. Please not also the additional security-fix in message 10 in the Debian-bugreport: "" Changes: mingetty (1.07-2) unstable; urgency=high . * Critical security patch: Fix unsafe chroot call. (Closes: #597382) * Checked dependencies for locusts. (Closes: http://xkcd.com/797/) "" Reproducible: Always
Created attachment 249166 [details, diff] The proposed patch on the Debian-bugtracker
(In reply to comment #0) > > A quick peek into the source-code for the two stable ebuilds in the portage > tree confirms that they are also affected. > net-dialup: Can you get in touch with upstream and confirm the proposed patch please? > Please not also the additional security-fix in message 10 in the > Debian-bugreport: > > "" > Changes: > mingetty (1.07-2) unstable; urgency=high > . > * Critical security patch: Fix unsafe chroot call. (Closes: #597382) > * Checked dependencies for locusts. (Closes: http://xkcd.com/797/) > "" Only Debian-based distributions are susceptible to this kind of attack. Gentoo is not vulnerable to locusts, only to flattery as per http://xkcd.com/424/. The Gentoo Security Team still advises to emerge app-admin/insecticide and apply when needed.</joking>
@maintainers: if you haven't heard from upstream, could we get that patch applied please? (/check if it's incorporated into 1.08)
@maintainers, still no patched applied.
commit b7f5ecdb823d96112c5e86a128c833a0c1aa1788 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Mon Feb 29 17:08:08 2016 net-dialup/mingetty: Fixed usage of unsafe chroot call (bug #339338). Package-Manager: portage-2.2.27 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> .../mingetty-1.08-check_chroot_chdir_nice.patch | 36 ++++++++++++++++++++++ net-dialup/mingetty/mingetty-1.08-r1.ebuild | 34 ++++++++++++++++++++ 2 files changed, 70 insertions(+)
@arches, please stabilize on the following: TARGET KEYWORDS = alpha, amd64, arm, hppa, ia64, ppc, ppc64, s390, sparc, x86
amd64 stable
Stable for HPPA PPC64.
ppc stable
arm stable
x86 stable
Stable on alpha.
@arches, please finish stabilization so we can move on to cleanup. Thanks.
sparc stable
ia64 stable. Maintainer(s), please cleanup.
Removing unstable arch. GLSA Vote: No @maintainer(s), please cleanup the vulnerable ebuild.
Cleaned: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92acc2e7a22c8aa53f7d650ea54fb79d69ff7c07
