Gentoo's Bugzilla – Attachment 197130 Details for Bug 276986: <media-sound/pulseaudio-0.9.9-r54 execv local root vulnerability (CVE-2009-1894)
[patch] pulseaudio-0.9.16-Remove-exploitable-LD_BIND_NOW-hack.patch (text/plain), 3.19 KB, created by Robert Buchholz (RETIRED) on 2009-07-07 23:37:00 UTC
>From fdd11d6cc0f4c75f75c62fb7d419d157ce00c956 Mon Sep 17 00:00:00 2001 >From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= <flameeyes@gmail.com> >Date: Tue, 7 Jul 2009 20:51:53 +0200 >Subject: [PATCH] Remove exploitable LD_BIND_NOW hack. > >Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set, >just find the correct flag for the linker to request immediate bindings >(all ELF files support that option), and use that when linking the daemon. > >Reduce the amount of compiled and executed code as well. >--- > configure.ac | 6 ++++++ > src/Makefile.am | 4 ++-- > src/daemon/main.c | 22 ---------------------- > 3 files changed, 8 insertions(+), 24 deletions(-) > >diff --git a/configure.ac b/configure.ac >index 9c96d1c..cc7f674 100644 >--- a/configure.ac >+++ b/configure.ac >@@ -113,6 +113,12 @@ CC_CHECK_LDFLAGS([${tmp_ldflag}], > [VERSIONING_LDFLAGS='-Wl,-version-script=$(srcdir)/map-file']) > AC_SUBST([VERSIONING_LDFLAGS]) > >+dnl Use immediate (now) bindings; avoids the funky re-call in itself >+dnl the -z now syntax is lifted from Sun's linker and works with GNU's too >+dnl other linkes might be added later >+CC_CHECK_LDFLAGS([-Wl,-z,now], [IMMEDIATE_LDFLAGS="-Wl,-z,now"]) >+AC_SUBST([IMMEDIATE_LDFLAGS]) >+ > dnl Check for the proper way to build libraries that have no undefined > dnl symbols; on some hosts this needs to be avoided but the macro > dnl takes care of it. >diff --git a/src/Makefile.am b/src/Makefile.am >index 7ebf1f8..ac627c8 100644 >--- a/src/Makefile.am >+++ b/src/Makefile.am 
>@@ -183,9 +183,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES) > endif > > if FORCE_PREOPEN >-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f)) >+pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f)) > else >-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f)) >+pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f)) > endif > > ################################### >diff --git a/src/daemon/main.c b/src/daemon/main.c >index eb378d2..0f6fc90 100644 >--- a/src/daemon/main.c >+++ b/src/daemon/main.c >@@ -401,28 +401,6 @@ int main(int argc, char *argv[]) { > pa_log_set_level(PA_LOG_NOTICE); > pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET); > >-#if defined(__linux__) && defined(__OPTIMIZE__) >- /* >- Disable lazy relocations to make usage of external libraries >- more deterministic for our RT threads. We abuse __OPTIMIZE__ as >- a check whether we are a debug build or not. >- */ >- >- if (!getenv("LD_BIND_NOW")) { >- char *rp; >- >- /* We have to execute ourselves, because the libc caches the >- * value of $LD_BIND_NOW on initialization. */ >- >- pa_set_env("LD_BIND_NOW", "1"); >- >- if ((rp = pa_readlink("/proc/self/exe"))) >- pa_assert_se(execv(rp, argv) == 0); >- else >- pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?"); >- } >-#endif >- > if ((e = getenv("PULSE_PASSED_FD"))) { > passed_fd = atoi(e); > >-- >1.6.3.3 >
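Review bot: in the configure.ac hunk, the CC_CHECK_LDFLAGS([-Wl,-z,now], ...) check has no failure branch, so with a linker that rejects the flag IMMEDIATE_LDFLAGS stays empty and the daemon is silently linked with lazy binding. Emit a configure-time warning (for example with AC_MSG_WARN) when the check fails, so packagers can see that the property the removed LD_BIND_NOW code provided is missing from the build. In the added dnl comment, "linkes" should read "linkers".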
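Review bot: in the src/Makefile.am hunk, $(IMMEDIATE_LDFLAGS) is added only to the two pulseaudio_LDFLAGS lines, while on the -dlopen branch the modules in $(PREOPEN_LIBS) remain separate objects loaded at run time. The removed LD_BIND_NOW environment variable applied to every object loaded into the process, whereas -z now marks only the object being linked, so dlopen'ed modules may still bind lazily. If the determinism goal stated in the removed main.c comment is meant to cover modules too, add the flag to the module link flags as well; otherwise say in the commit message that only the daemon binary is covered.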
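Review bot: the block removed from main() in src/daemon/main.c was guarded by defined(__linux__) && defined(__OPTIMIZE__), so non-optimized builds and non-Linux platforms kept lazy binding, while the replacement link flag applies to every build whose linker accepts it; state in the commit message whether that widening is intended. The deleted comment was also the only place that explained why immediate binding is wanted (more deterministic use of external libraries for the RT threads), so carry that rationale into the dnl comment in configure.ac. The subject line calls the hack exploitable without saying how; a one-line explanation or a reference to CVE-2009-1894 would keep the reason for removing the execv() of /proc/self/exe in the history.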