Summary: | <sys-devel/icecream-1.3.1: root privilege escalation | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | ajak, alexxy, bicatali, bircoph, cluster, jsbronder, jstein, lucas.yamanishi, mgorny, miska, mschiff, o.freyermuth, pchrist, prometheanfire, sam, scarabeus, security-audit, ultrabug, xarthisius |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=642674 | ||
Whiteboard: | ~1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Orlitzky
2016-12-13 02:59:30 UTC
As we discovered over in bug #602550, users of vanilla-sources (and others) are vulnerable to the same attack using hard links, so simply adding "--no-dereference" to the "chown" call is not enough to fix this. I think 9 months is a fair embargo period, can this please be made public so that I can reference it in a CVE request? Ping? =o Nobody's home, CCing mgorny for treeclean. Unrestricting and reassigning to security@ per bug #705894 unrestricting per bug 705894 Fix submitted here: https://github.com/gentoo/gentoo/pull/15975 (In reply to Lucas Yamanishi from comment #7) > Fix submitted here: https://github.com/gentoo/gentoo/pull/15975 Sadly this just trades one root exploit for another, because there's a 2.5-year-old root exploit in our default init system that affects your tmpfiles "Z" entry: https://github.com/OpenRC/opentmpfiles/issues/3 That's never going to get fixed under the current management, so you should find a way to avoid "Z" entries (and nested "d" or "f" entries) if possible. Ah, I copied that file from SuSE without looking at it. It seems most of these were introduced there. I've pushed a change to fix it using "d" with an age field. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b133beeb3fd21ef368c3fe9b8b05b026ec5cd562 commit b133beeb3fd21ef368c3fe9b8b05b026ec5cd562 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-12-21 04:10:01 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-12-21 04:19:19 +0000 sys-devel/icecream: update EAPI 7 -> 8, post-review fixes - Use EAPI 8 - Use conventional double quotes everywhere - Unconditionally install systemd units (see small files policy) - Adapt pkg_* for EAPI 7+ (${ROOT} suffix) - Style changes (place eclass variables before inherit in general, whitespace) - Drop unnecessary econf arg (--enable-fast-install) - Add missing dependencies (libarchive, lzo) Bug: https://bugs.gentoo.org/602492 Closes: https://bugs.gentoo.org/527376 Closes: https://bugs.gentoo.org/642674 Closes: https://bugs.gentoo.org/828135 Signed-off-by: Sam James <sam@gentoo.org> sys-devel/icecream/icecream-1.3.1.ebuild | 64 +++++++++++++++----------------- 1 file changed, 29 insertions(+), 35 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a857ea599201b42ab12a2919badfd7b34997cbbb commit a857ea599201b42ab12a2919badfd7b34997cbbb Author: Lucas Yamanishi <lucas.yamanishi@gmail.com> AuthorDate: 2020-05-26 17:58:23 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-12-21 04:19:18 +0000 sys-devel/icecream: Bump to 1.3.1, various fixes * Fixes bug #602492 * Adds systemd support * Installs firewalld service files Bug: https://bugs.gentoo.org/602492 Closes: https://bugs.gentoo.org/527376 Closes: https://bugs.gentoo.org/642674 Closes: https://github.com/gentoo/gentoo/pull/15975 Signed-off-by: Lucas Yamanishi <lucas.yamanishi@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> sys-devel/icecream/Manifest | 1 + sys-devel/icecream/files/icecc-scheduler.service | 12 ++++ sys-devel/icecream/files/iceccd.service | 12 ++++ sys-devel/icecream/files/icecream-tmpfiles.conf | 2 + sys-devel/icecream/files/icecream.openrc | 55 +++++++++++++++ sys-devel/icecream/icecream-1.3.1.ebuild | 85 ++++++++++++++++++++++++ 6 files changed, 167 insertions(+) The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87556f241ec6b6b8154afdd7ac88643226b69751 commit 87556f241ec6b6b8154afdd7ac88643226b69751 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-03-12 00:03:15 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-12 00:03:15 +0000 sys-devel/icecream: drop 1.0.0-r3 Closes: https://bugs.gentoo.org/602492 Signed-off-by: Sam James <sam@gentoo.org> sys-devel/icecream/Manifest | 1 - sys-devel/icecream/icecream-1.0.0-r3.ebuild | 62 ----------------------------- 2 files changed, 63 deletions(-) |