Archives
Archives
| From: | "Robin H. Johnson (robbat2)" <robbat2@g.o> |
|---|---|
| To: | gentoo-commits@l.g.o |
| Subject: | [gentoo-commits] gentoo-x86 commit in sys-fs/multipath-tools/files: multipath-tools-0.4.8-socket-cve-2009-0115.patch |
| Date: | Fri, 30 Oct 2009 07:01:37 |
| Message-Id: | E1N3lUN-00080C-I4@stork.gentoo.org |
| 1 | robbat2 09/10/30 07:01:35 |
| 2 | |
| 3 | Added: multipath-tools-0.4.8-socket-cve-2009-0115.patch |
| 4 | Log: |
| 5 | Missed one more patch, bug #264564, fix for CVE-2009-0115. |
| 6 | (Portage version: 2.2_rc46/cvs/Linux x86_64) |
| 7 | |
| 8 | Revision Changes Path |
| 9 | 1.1 sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch |
| 10 | |
| 11 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch?rev=1.1&view=markup |
| 12 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch?rev=1.1&content-type=text/plain |
| 13 | |
| 14 | Index: multipath-tools-0.4.8-socket-cve-2009-0115.patch |
| 15 | =================================================================== |
| 16 | From: Hannes Reinecke <hare@××××.de> |
| 17 | Date: Wed, 1 Apr 2009 20:31:01 +0000 (+0200) |
| 18 | Subject: [multipathd] /var/run/multipathd.sock is world-writable |
| 19 | X-Git-Url: http://git.kernel.org/gitweb.cgi?p=linux%2Fstorage%2Fmultipath-tools%2F.git;a=commitdiff_plain;h=0a0319d381249760c71023edbe0ac9c093bb4a74;hp=15d4bdddcb9b71e0ec6fecc3c37a1b8cae8f51ff |
| 20 | |
| 21 | [multipathd] /var/run/multipathd.sock is world-writable |
| 22 | |
| 23 | Due to an stray 'umask()' the socket file is in fact world-writable, |
| 24 | allowing for an easy exploit. |
| 25 | |
| 26 | References: 458598 |
| 27 | --- |
| 28 | |
| 29 | diff --git a/multipathd/main.c b/multipathd/main.c |
| 30 | index 8a1a63d..9957f1f 100644 |
| 31 | --- a/multipathd/main.c |
| 32 | +++ b/multipathd/main.c |
| 33 | @@ -1454,8 +1454,9 @@ daemonize(void) |
| 34 | |
| 35 | close(in_fd); |
| 36 | close(out_fd); |
| 37 | - chdir("/"); |
| 38 | - umask(0); |
| 39 | + if (chdir("/") < 0) |
| 40 | + fprintf(stderr, "cannot chdir to '/', continuing\n"); |
| 41 | + |
| 42 | return 0; |
| 43 | } |