Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 132421 Details for
Bug 194550
app-admin/rmake <1.0.12 local priv escalation issue (CVE-2007-5194)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch from rpath to fix this issue
rmake.patch (text/plain), 2.57 KB, created by
Jonathan Smith (RETIRED)
on 2007-10-02 20:36:16 UTC
(
hide
)
Description:
patch from rpath to fix this issue
Filename:
MIME Type:
Creator:
Jonathan Smith (RETIRED)
Created:
2007-10-02 20:36:16 UTC
Size:
2.57 KB
patch
obsolete
>diff -r 2395fd0e223a -r caa60cae1e5a commands/chroothelper.h.in >--- a/commands/chroothelper.h.in Mon Oct 01 18:11:22 2007 -0400 >+++ b/commands/chroothelper.h.in Tue Oct 02 15:39:19 2007 -0400 >@@ -29,10 +29,10 @@ struct devinfo_t { > > struct devinfo_t devices[] = { > { "null", S_IFCHR, 0666, 1, 3 }, >- { "zero", S_IFCHR, 0644, 1, 4 }, >- { "urandom", S_IFCHR, 0666, 1, 9 }, >+ { "zero", S_IFCHR, 0666, 1, 5 }, >+ { "urandom", S_IFCHR, 0444, 1, 9 }, > { "tty", S_IFCHR, 0666, 5, 0 }, >- { "console", S_IFCHR, 0666, 5, 1 }, >+ { "console", S_IFCHR, 0600, 5, 1 }, > { "ptmx", S_IFCHR, 0666, 5, 2 } }; > > >diff -r caa60cae1e5a commands/chroothelper.c >--- a/commands/chroothelper.c Tue Oct 02 15:39:19 2007 -0400 >+++ b/commands/chroothelper.c Tue Oct 02 16:17:11 2007 -0400 >@@ -335,30 +335,11 @@ int enter_chroot(const char * chrootDir, > return rc; > } > >- /* keep our capabilities as we transition back to our real uid */ >- prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); >- >- if (switch_to_user(RMAKE_USER)) { >- fprintf(stderr, "ERROR: can not assume %s privileges\n", RMAKE_USER); >- return -1; >- } >- >- /* also initgroups here */ >- >- /* retain chroot() and mknod() */ >- cap = cap_from_text("cap_sys_chroot,cap_mknod,cap_setuid,cap_setgid+ep"); >- if (NULL == cap) { >- perror("cap_from_text"); >- return 1; >- } >- if (0 != cap_set_proc(cap)) { >- perror("cap_set_proc"); >- return 1; >- } >- cap_free(cap); >- > /* we need to allow creation of 666 devices */ > umask(0); >+ /* make sure we create all nodes as root.root */ >+ if ((rc = switch_to_uid_gid(0, 0))) >+ return rc; > /* mknod here */ > for(i=0; i < (sizeof(devices) / sizeof(devices[0])); i++) { > struct devinfo_t device = devices[i]; >@@ -384,6 +365,30 @@ int enter_chroot(const char * chrootDir, > } > /* restore sane umask */ > umask(0002); >+ >+ >+ >+ /* keep our capabilities as we transition back to our real uid */ >+ prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); >+ >+ if (switch_to_user(RMAKE_USER)) { >+ fprintf(stderr, "ERROR: can not assume %s privileges\n", RMAKE_USER); >+ return -1; >+ } >+ >+ /* also initgroups here */ >+ >+ /* retain chroot() and mknod() */ >+ cap = cap_from_text("cap_sys_chroot,cap_setuid,cap_setgid+ep"); >+ if (NULL == cap) { >+ perror("cap_from_text"); >+ return 1; >+ } >+ if (0 != cap_set_proc(cap)) { >+ perror("cap_set_proc"); >+ return 1; >+ } >+ cap_free(cap); > > /* make required symlinks */ > for(i=0; i < (sizeof(symlinks) / sizeof(symlinks[0])); i++) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=132421">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 194550
: 132421
