Gentoo Archives: gentoo-commits

From: "Diego Petteno (flameeyes)" <flameeyes@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in media-sound/pulseaudio/files: pulseaudio-0.9.9-CVE-2009-1894.patch pulseaudio-0.9.16-CVE-2009-1894.patch pulseaudio-0.9.15-CVE-2009-1894.patch
Date: Thu, 16 Jul 2009 14:00:07
Message-Id: E1MRRVE-00077R-Ne@stork.gentoo.org
1 flameeyes 09/07/16 14:00:04
2
3 Added: pulseaudio-0.9.9-CVE-2009-1894.patch
4 pulseaudio-0.9.16-CVE-2009-1894.patch
5 pulseaudio-0.9.15-CVE-2009-1894.patch
6 Log:
7 Add patch to fix CVE-2009-1894, see bug #276986.
8 (Portage version: 2.2_rc33/cvs/Linux x86_64, RepoMan options: --force)
9
10 Revision Changes Path
11 1.1 media-sound/pulseaudio/files/pulseaudio-0.9.9-CVE-2009-1894.patch
12
13 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/pulseaudio/files/pulseaudio-0.9.9-CVE-2009-1894.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/pulseaudio/files/pulseaudio-0.9.9-CVE-2009-1894.patch?rev=1.1&content-type=text/plain
15
16 Index: pulseaudio-0.9.9-CVE-2009-1894.patch
17 ===================================================================
18 From fdd11d6cc0f4c75f75c62fb7d419d157ce00c956 Mon Sep 17 00:00:00 2001
19 From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= <flameeyes@×××××.com>
20 Date: Tue, 7 Jul 2009 20:51:53 +0200
21 Subject: [PATCH] Remove exploitable LD_BIND_NOW hack.
22
23 Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set,
24 just find the correct flag for the linker to request immediate bindings
25 (all ELF files support that option), and use that when linking the daemon.
26
27 Reduce the amount of compiled and executed code as well.
28 ---
29 src/Makefile.am | 4 ++--
30 src/daemon/main.c | 19 -------------------
31 2 files changed, 2 insertions(+), 21 deletions(-)
32
33 diff --git a/src/Makefile.am b/src/Makefile.am
34 index 2ac4f3d..7d1c431 100644
35 --- a/src/Makefile.am
36 +++ b/src/Makefile.am
37 @@ -147,9 +147,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
38 endif
39
40 if FORCE_PREOPEN
41 -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
42 +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
43 else
44 -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
45 +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
46 endif
47
48 if HAVE_POLKIT
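Review bot: `-Wl,-z,now` is hard-coded into both `pulseaudio_LDFLAGS` assignments, with no linker probe and no comment saying why it is there. The 0.9.16 variant of this fix on the same page gates the flag behind `CC_CHECK_LDFLAGS([-Wl,-z,now], ...)` and `$(IMMEDIATE_LDFLAGS)`, whereas here a linker that rejects `-z now` would presumably fail the build outright; the same applies to the `src/Makefile.am` hunk of the 0.9.15 patch. This flag is now the only replacement for the self-re-exec that main.c performed ahead of the `suid_root` detection visible in that file's context lines, so I would add above the conditional `# -z now replaces the LD_BIND_NOW self-re-exec removed for CVE-2009-1894; keep it on the daemon link line`. It is also worth confirming on the built binary that the flag survived libtool, for example that `readelf -d` on the installed `pulseaudio` reports `BIND_NOW`.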
49 diff --git a/src/daemon/main.c b/src/daemon/main.c
50 index 4276d1d..c788917 100644
51 --- a/src/daemon/main.c
52 +++ b/src/daemon/main.c
53 @@ -340,25 +340,6 @@ int main(int argc, char *argv[]) {
54 #endif
55
56
57 -#if defined(__linux__) && defined(__OPTIMIZE__)
58 - /*
59 - Disable lazy relocations to make usage of external libraries
60 - more deterministic for our RT threads. We abuse __OPTIMIZE__ as
61 - a check whether we are a debug build or not.
62 - */
63 -
64 - if (!getenv("LD_BIND_NOW")) {
65 - char *rp;
66 -
67 - /* We have to execute ourselves, because the libc caches the
68 - * value of $LD_BIND_NOW on initialization. */
69 -
70 - putenv(pa_xstrdup("LD_BIND_NOW=1"));
71 - pa_assert_se(rp = pa_readlink("/proc/self/exe"));
72 - pa_assert_se(execv(rp, argv) == 0);
73 - }
74 -#endif
75 -
76 #ifdef HAVE_GETUID
77 real_root = getuid() == 0;
78 suid_root = !real_root && geteuid() == 0;
79 --
80 1.6.3.3
81
82
83
84
85 1.1 media-sound/pulseaudio/files/pulseaudio-0.9.16-CVE-2009-1894.patch
86
87 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/pulseaudio/files/pulseaudio-0.9.16-CVE-2009-1894.patch?rev=1.1&view=markup
88 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/pulseaudio/files/pulseaudio-0.9.16-CVE-2009-1894.patch?rev=1.1&content-type=text/plain
89
90 Index: pulseaudio-0.9.16-CVE-2009-1894.patch
91 ===================================================================
92 From fdd11d6cc0f4c75f75c62fb7d419d157ce00c956 Mon Sep 17 00:00:00 2001
93 From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= <flameeyes@×××××.com>
94 Date: Tue, 7 Jul 2009 20:51:53 +0200
95 Subject: [PATCH] Remove exploitable LD_BIND_NOW hack.
96
97 Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set,
98 just find the correct flag for the linker to request immediate bindings
99 (all ELF files support that option), and use that when linking the daemon.
100
101 Reduce the amount of compiled and executed code as well.
102 ---
103 configure.ac | 6 ++++++
104 src/Makefile.am | 4 ++--
105 src/daemon/main.c | 22 ----------------------
106 3 files changed, 8 insertions(+), 24 deletions(-)
107
108 diff --git a/configure.ac b/configure.ac
109 index 9c96d1c..cc7f674 100644
110 --- a/configure.ac
111 +++ b/configure.ac
112 @@ -113,6 +113,12 @@ CC_CHECK_LDFLAGS([${tmp_ldflag}],
113 [VERSIONING_LDFLAGS='-Wl,-version-script=$(srcdir)/map-file'])
114 AC_SUBST([VERSIONING_LDFLAGS])
115
116 +dnl Use immediate (now) bindings; avoids the funky re-call in itself
117 +dnl the -z now syntax is lifted from Sun's linker and works with GNU's too
118 +dnl other linkes might be added later
119 +CC_CHECK_LDFLAGS([-Wl,-z,now], [IMMEDIATE_LDFLAGS="-Wl,-z,now"])
120 +AC_SUBST([IMMEDIATE_LDFLAGS])
121 +
122 dnl Check for the proper way to build libraries that have no undefined
123 dnl symbols; on some hosts this needs to be avoided but the macro
124 dnl takes care of it.
125 diff --git a/src/Makefile.am b/src/Makefile.am
126 index 7ebf1f8..ac627c8 100644
127 --- a/src/Makefile.am
128 +++ b/src/Makefile.am
129 @@ -183,9 +183,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
130 endif
131
132 if FORCE_PREOPEN
133 -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
134 +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
135 else
136 -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
137 +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
138 endif
139
140 ###################################
141 diff --git a/src/daemon/main.c b/src/daemon/main.c
142 index eb378d2..0f6fc90 100644
143 --- a/src/daemon/main.c
144 +++ b/src/daemon/main.c
145 @@ -401,28 +401,6 @@ int main(int argc, char *argv[]) {
146 pa_log_set_level(PA_LOG_NOTICE);
147 pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET);
148
149 -#if defined(__linux__) && defined(__OPTIMIZE__)
150 - /*
151 - Disable lazy relocations to make usage of external libraries
152 - more deterministic for our RT threads. We abuse __OPTIMIZE__ as
153 - a check whether we are a debug build or not.
154 - */
155 -
156 - if (!getenv("LD_BIND_NOW")) {
157 - char *rp;
158 -
159 - /* We have to execute ourselves, because the libc caches the
160 - * value of $LD_BIND_NOW on initialization. */
161 -
162 - pa_set_env("LD_BIND_NOW", "1");
163 -
164 - if ((rp = pa_readlink("/proc/self/exe")))
165 - pa_assert_se(execv(rp, argv) == 0);
166 - else
167 - pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?");
168 - }
169 -#endif
170 -
171 if ((e = getenv("PULSE_PASSED_FD"))) {
172 passed_fd = atoi(e);
173
174 --
175 1.6.3.3
176
177
178
179
180 1.1 media-sound/pulseaudio/files/pulseaudio-0.9.15-CVE-2009-1894.patch
181
182 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/pulseaudio/files/pulseaudio-0.9.15-CVE-2009-1894.patch?rev=1.1&view=markup
183 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-sound/pulseaudio/files/pulseaudio-0.9.15-CVE-2009-1894.patch?rev=1.1&content-type=text/plain
184
185 Index: pulseaudio-0.9.15-CVE-2009-1894.patch
186 ===================================================================
187 Index: pulseaudio-0.9.15/src/daemon/main.c
188 ===================================================================
189 --- pulseaudio-0.9.15.orig/src/daemon/main.c
190 +++ pulseaudio-0.9.15/src/daemon/main.c
191 @@ -399,28 +399,6 @@ int main(int argc, char *argv[]) {
192 pa_log_set_level(PA_LOG_NOTICE);
193 pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET);
194
195 -#if defined(__linux__) && defined(__OPTIMIZE__)
196 - /*
197 - Disable lazy relocations to make usage of external libraries
198 - more deterministic for our RT threads. We abuse __OPTIMIZE__ as
199 - a check whether we are a debug build or not.
200 - */
201 -
202 - if (!getenv("LD_BIND_NOW")) {
203 - char *rp;
204 -
205 - /* We have to execute ourselves, because the libc caches the
206 - * value of $LD_BIND_NOW on initialization. */
207 -
208 - pa_set_env("LD_BIND_NOW", "1");
209 -
210 - if ((rp = pa_readlink("/proc/self/exe")))
211 - pa_assert_se(execv(rp, argv) == 0);
212 - else
213 - pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?");
214 - }
215 -#endif
216 -
217 #ifdef HAVE_GETUID
218 real_root = getuid() == 0;
219 suid_root = !real_root && geteuid() == 0;
220 Index: pulseaudio-0.9.15/src/Makefile.am
221 ===================================================================
222 --- pulseaudio-0.9.15.orig/src/Makefile.am
223 +++ pulseaudio-0.9.15/src/Makefile.am
224 @@ -153,9 +153,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
225 endif
226
227 if FORCE_PREOPEN
228 -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
229 +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
230 else
231 -pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
232 +pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
233 endif
234
235 if HAVE_POLKIT