diff options
author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-03-17 15:01:42 +0800 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-03-17 15:01:42 +0800 |
commit | d3a29410109b3d8c7e7884d459334a744fbf97bf (patch) | |
tree | ee08dfb64b110e10ed12ae2daa7431bcd7a00845 /recipes/pulseaudio/files | |
parent | e54dcda0f3850194a820cfeb994832fa9b73f7de (diff) |
pulseaudio-0.9.15: Fix a flaw in the tmp directory handling
* Address CVE-2009-1299, compare with http://www.debian.org/security/2010/dsa-2017
Diffstat (limited to 'recipes/pulseaudio/files')
-rw-r--r-- | recipes/pulseaudio/files/CVE-2009-1299.patch | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/recipes/pulseaudio/files/CVE-2009-1299.patch b/recipes/pulseaudio/files/CVE-2009-1299.patch new file mode 100644 index 0000000000..63314b8280 --- /dev/null +++ b/recipes/pulseaudio/files/CVE-2009-1299.patch @@ -0,0 +1,86 @@ +From d3efa43d85ac132c6a5a416a2b6f2115f5d577ee Mon Sep 17 00:00:00 2001 +From: Kees Cook <kees@ubuntu.com> +Date: Tue, 2 Mar 2010 21:33:34 -0800 +Subject: [PATCH] core-util: ensure that we chmod only the dir we ourselves created + +--- + configure.ac | 2 +- + src/pulsecore/core-util.c | 39 ++++++++++++++++++++++++++++++++++----- + 2 files changed, 35 insertions(+), 6 deletions(-) + +Index: pulseaudio-0.9.15/configure.ac +=================================================================== +--- pulseaudio-0.9.15.orig/configure.ac 2010-03-17 14:50:02.000000000 +0800 ++++ pulseaudio-0.9.15/configure.ac 2010-03-17 14:52:27.250075828 +0800 +@@ -403,7 +403,7 @@ + AC_FUNC_FORK + AC_FUNC_GETGROUPS + AC_FUNC_SELECT_ARGTYPES +-AC_CHECK_FUNCS([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \ ++AC_CHECK_FUNCS([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \ + getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \ + pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \ + sigaction sleep sysconf pthread_setaffinity_np]) +Index: pulseaudio-0.9.15/src/pulsecore/core-util.c +=================================================================== +--- pulseaudio-0.9.15.orig/src/pulsecore/core-util.c 2010-03-17 14:49:59.000000000 +0800 ++++ pulseaudio-0.9.15/src/pulsecore/core-util.c 2010-03-17 14:51:37.680079062 +0800 +@@ -178,7 +178,7 @@ + /** Creates a directory securely */ + int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) { + struct stat st; +- int r, saved_errno; ++ int r, saved_errno, fd; + + pa_assert(dir); + +@@ -196,16 +196,45 @@ + if (r < 0 && errno != EEXIST) + return -1; + +-#ifdef HAVE_CHOWN ++#ifdef HAVE_FSTAT ++ if ((fd = open(dir, ++#ifdef O_CLOEXEC ++ O_CLOEXEC| ++#endif ++#ifdef O_NOCTTY ++ O_NOCTTY| ++#endif ++#ifdef O_NOFOLLOW ++ O_NOFOLLOW| ++#endif ++ O_RDONLY)) < 0) ++ goto fail; ++ ++ if (fstat(fd, &st) < 0) { ++ pa_assert_se(pa_close(fd) >= 0); ++ goto fail; ++ } ++ ++ if (!S_ISDIR(st.st_mode)) { ++ pa_assert_se(pa_close(fd) >= 0); ++ errno = EEXIST; ++ goto fail; ++ } ++ ++#ifdef HAVE_FCHOWN + if (uid == (uid_t)-1) + uid = getuid(); + if (gid == (gid_t)-1) + gid = getgid(); +- (void) chown(dir, uid, gid); ++ (void) fchown(fd, uid, gid); ++#endif ++ ++#ifdef HAVE_FCHMOD ++ (void) fchmod(fd, m); + #endif + +-#ifdef HAVE_CHMOD +- chmod(dir, m); ++ pa_assert_se(pa_close(fd) >= 0); ++ + #endif + + #ifdef HAVE_LSTAT |