1 |
tomjbe 11/08/30 16:59:58 |
2 |
|
3 |
Added: ax25-tools-0.0.10_rc2-cve-2011-2910.patch |
4 |
Log: |
5 |
Fix for CVE-2011-2910. see Bug #379293 |
6 |
|
7 |
(Portage version: 2.1.10.11/cvs/Linux x86_64) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: ax25-tools-0.0.10_rc2-cve-2011-2910.patch |
16 |
=================================================================== |
17 |
diff -Nur ax25-tools-0.0.10-rc2/ax25/ax25d.c ax25-tools/ax25/ax25d.c |
18 |
--- ax25-tools-0.0.10-rc2/ax25/ax25d.c 2009-06-21 20:01:55.000000000 +0200 |
19 |
+++ ax25-tools/ax25/ax25d.c 2011-08-18 11:51:08.000000000 +0200 |
20 |
@@ -1,5 +1,5 @@ |
21 |
/* |
22 |
- * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $ |
23 |
+ * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $ |
24 |
* |
25 |
* This is my version of axl.c, written for the LBBS code to make it |
26 |
* compatable with the kernel AX25 driver. It appears to work, with |
27 |
@@ -577,7 +577,7 @@ |
28 |
/* close link */ |
29 |
/* setproctitle("ax25d [%s]: disconnecting", User); */ |
30 |
close(new); |
31 |
- return 0; |
32 |
+ exit(0); |
33 |
} |
34 |
login: |
35 |
/* setproctitle("ax25d [%s]: login", User); */ |
36 |
@@ -614,11 +614,15 @@ |
37 |
closelog(); |
38 |
|
39 |
/* Make root secure, before we exec() */ |
40 |
- setgroups(0, grps); /* Strip any supplementary gid's */ |
41 |
- setgid(raxl->gid); |
42 |
- setuid(raxl->uid); |
43 |
+ /* Strip any supplementary gid's */ |
44 |
+ if (setgroups(0, grps) == -1) |
45 |
+ exit(1); |
46 |
+ if (setgid(raxl->gid) == -1) |
47 |
+ exit(1); |
48 |
+ if (setuid(raxl->uid) == -1) |
49 |
+ exit(1); |
50 |
execve(raxl->exec, argv, NULL); |
51 |
- return 1; |
52 |
+ exit(1); |
53 |
|
54 |
default: |
55 |
close(new); |
56 |
diff -Nur ax25-tools-0.0.10-rc2/ax25/axspawn.c ax25-tools/ax25/axspawn.c |
57 |
--- ax25-tools-0.0.10-rc2/ax25/axspawn.c 2009-06-21 20:01:55.000000000 +0200 |
58 |
+++ ax25-tools/ax25/axspawn.c 2011-08-18 12:43:49.000000000 +0200 |
59 |
@@ -1,10 +1,10 @@ |
60 |
/* |
61 |
* |
62 |
- * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $ |
63 |
+ * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $ |
64 |
* |
65 |
* axspawn.c - run a program from ax25d. |
66 |
* |
67 |
- * Copyright (c) 1996 Jörg Reuter DL1BKE (jreuter@×××××××.com) |
68 |
+ * Copyright (c) 1996 Joerg Reuter DL1BKE (jreuter@×××××××.com) |
69 |
* |
70 |
* This program is a hack. |
71 |
* |
72 |
@@ -1693,7 +1693,11 @@ |
73 |
pututline(&ut_line); |
74 |
endutent(); |
75 |
|
76 |
- setsid(); |
77 |
+ /* become process group leader, if we not already are */ |
78 |
+ if (getpid() != getsid(0)) { |
79 |
+ if (setsid() == -1) |
80 |
+ exit(1); |
81 |
+ } |
82 |
|
83 |
chargc = 0; |
84 |
envc = 0; |