diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2009-10-30 07:01:35 +0000 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2009-10-30 07:01:35 +0000 |
| commit | 5a6cc37c37c15d6b24b9da038796c6522f7f43d2 (patch) | |
| tree | a496bcfb2dd1a0f351bfbf7107cf7c7c0a5ee1df | |
| parent | Upstream is a slacker and has not made a release in 2+ years despite being ac... (diff) | |
| download | gentoo-2-5a6cc37c37c15d6b24b9da038796c6522f7f43d2.tar.gz gentoo-2-5a6cc37c37c15d6b24b9da038796c6522f7f43d2.tar.bz2 gentoo-2-5a6cc37c37c15d6b24b9da038796c6522f7f43d2.zip | |
Missed one more patch, bug #264564, fix for CVE-2009-0115.
(Portage version: 2.2_rc46/cvs/Linux x86_64)
| -rw-r--r-- | sys-fs/multipath-tools/ChangeLog | 7 | ||||
| -rw-r--r-- | sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch | 29 | ||||
| -rw-r--r-- | sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild | 4 |
3 files changed, 38 insertions, 2 deletions
diff --git a/sys-fs/multipath-tools/ChangeLog b/sys-fs/multipath-tools/ChangeLog index 315e1c7aca0c..eefb0f5edef8 100644 --- a/sys-fs/multipath-tools/ChangeLog +++ b/sys-fs/multipath-tools/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sys-fs/multipath-tools # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/multipath-tools/ChangeLog,v 1.27 2009/10/30 06:50:12 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-fs/multipath-tools/ChangeLog,v 1.28 2009/10/30 07:01:35 robbat2 Exp $ + + 30 Oct 2009; Robin H. Johnson <robbat2@gentoo.org> + multipath-tools-0.4.8-r1.ebuild, + +files/multipath-tools-0.4.8-socket-cve-2009-0115.patch: + Missed one more patch, bug #264564, fix for CVE-2009-0115. *multipath-tools-0.4.8-r1 (30 Oct 2009) diff --git a/sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch b/sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch new file mode 100644 index 000000000000..deab7620657d --- /dev/null +++ b/sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch @@ -0,0 +1,29 @@ +From: Hannes Reinecke <hare@suse.de> +Date: Wed, 1 Apr 2009 20:31:01 +0000 (+0200) +Subject: [multipathd] /var/run/multipathd.sock is world-writable +X-Git-Url: http://git.kernel.org/gitweb.cgi?p=linux%2Fstorage%2Fmultipath-tools%2F.git;a=commitdiff_plain;h=0a0319d381249760c71023edbe0ac9c093bb4a74;hp=15d4bdddcb9b71e0ec6fecc3c37a1b8cae8f51ff + +[multipathd] /var/run/multipathd.sock is world-writable + +Due to an stray 'umask()' the socket file is in fact world-writable, +allowing for an easy exploit. + +References: 458598 +--- + +diff --git a/multipathd/main.c b/multipathd/main.c +index 8a1a63d..9957f1f 100644 +--- a/multipathd/main.c ++++ b/multipathd/main.c +@@ -1454,8 +1454,9 @@ daemonize(void) + + close(in_fd); + close(out_fd); +- chdir("/"); +- umask(0); ++ if (chdir("/") < 0) ++ fprintf(stderr, "cannot chdir to '/', continuing\n"); ++ + return 0; + } + diff --git a/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild b/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild index 24126b09f986..1db3527e9982 100644 --- a/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild +++ b/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild,v 1.1 2009/10/30 06:50:12 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild,v 1.2 2009/10/30 07:01:35 robbat2 Exp $ EAPI=2 inherit eutils toolchain-funcs @@ -28,6 +28,8 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-0.4.8-udev-scsi_id-changes.patch # Patch per upstream tree for 1GiB limit of kpartx epatch "${FILESDIR}"/${PN}-0.4.8-r1-kpartx.patch + # CVE-2009-0115, world writable socket + epatch "${FILESDIR}"/${PN}-0.4.8-socket-cve-2009-0115.patch } src_compile() { |