Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 197128 Details for
Bug 276986
<media-sound/pulseaudio-0.9.9-r54 execv local root vulnerability (CVE-2009-1894)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
pulseaudio-0.9.9-Remove-exploitable-LD_BIND_NOW-hack.patch
pulseaudio-0.9.9-Remove-exploitable-LD_BIND_NOW-hack.patch (text/plain), 2.22 KB, created by
Robert Buchholz (RETIRED)
on 2009-07-07 23:36:50 UTC
(
hide
)
Description:
pulseaudio-0.9.9-Remove-exploitable-LD_BIND_NOW-hack.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2009-07-07 23:36:50 UTC
Size:
2.22 KB
patch
obsolete
>From fdd11d6cc0f4c75f75c62fb7d419d157ce00c956 Mon Sep 17 00:00:00 2001 >From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= <flameeyes@gmail.com> >Date: Tue, 7 Jul 2009 20:51:53 +0200 >Subject: [PATCH] Remove exploitable LD_BIND_NOW hack. > >Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set, >just find the correct flag for the linker to request immediate bindings >(all ELF files support that option), and use that when linking the daemon. > >Reduce the amount of compiled and executed code as well. >--- > src/Makefile.am | 4 ++-- > src/daemon/main.c | 19 ------------------- > 2 files changed, 2 insertions(+), 21 deletions(-) > >diff --git a/src/Makefile.am b/src/Makefile.am >index 2ac4f3d..7d1c431 100644 >--- a/src/Makefile.am >+++ b/src/Makefile.am >@@ -147,9 +147,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES) > endif > > if FORCE_PREOPEN >-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f)) >+pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f)) > else >-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f)) >+pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f)) > endif > > if HAVE_POLKIT >diff --git a/src/daemon/main.c b/src/daemon/main.c >index 4276d1d..c788917 100644 >--- a/src/daemon/main.c >+++ b/src/daemon/main.c >@@ -340,25 +340,6 @@ int main(int argc, char *argv[]) { > #endif > > >-#if defined(__linux__) && defined(__OPTIMIZE__) >- /* >- Disable lazy relocations to make usage of external libraries >- more deterministic for our RT threads. We abuse __OPTIMIZE__ as >- a check whether we are a debug build or not. >- */ >- >- if (!getenv("LD_BIND_NOW")) { >- char *rp; >- >- /* We have to execute ourselves, because the libc caches the >- * value of $LD_BIND_NOW on initialization. */ >- >- putenv(pa_xstrdup("LD_BIND_NOW=1")); >- pa_assert_se(rp = pa_readlink("/proc/self/exe")); >- pa_assert_se(execv(rp, argv) == 0); >- } >-#endif >- > #ifdef HAVE_GETUID > real_root = getuid() == 0; > suid_root = !real_root && geteuid() == 0; >-- >1.6.3.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=197128">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 276986
: 197128 |
197130
|
197344
