Gentoo Archives: gentoo-commits

From: "Diego Petteno (flameeyes)" <flameeyes@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in src/patchsets/glibc/2.11.2: 0061_all_glibc-double-expansion.patch 0062_all_glibc-no-ORIGIN-setuid.patch README.history
Date: Sun, 31 Oct 2010 21:02:59
Message-Id: 20101031210255.C28ED20051@flycatcher.gentoo.org
1 flameeyes 10/10/31 21:02:55
2
3 Modified: README.history
4 Added: 0061_all_glibc-double-expansion.patch
5 0062_all_glibc-no-ORIGIN-setuid.patch
6 Log:
7 New patches for the recent security issues.
8
9 Revision Changes Path
10 1.15 src/patchsets/glibc/2.11.2/README.history
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.11.2/README.history?rev=1.15&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.11.2/README.history?rev=1.15&content-type=text/plain
14 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.11.2/README.history?r1=1.14&r2=1.15
15
16 Index: README.history
17 ===================================================================
18 RCS file: /var/cvsroot/gentoo/src/patchsets/glibc/2.11.2/README.history,v
19 retrieving revision 1.14
20 retrieving revision 1.15
21 diff -u -r1.14 -r1.15
22 --- README.history 26 Oct 2010 15:01:20 -0000 1.14
23 +++ README.history 31 Oct 2010 21:02:55 -0000 1.15
24 @@ -1,3 +1,7 @@
25 +6 31.10.2010
26 + + 0061_all_glibc-double-expansion.patch
27 + + 0062_all_glibc-no-ORIGIN-setuid.patch
28 +
29 5 26.10.2010
30 + 0060_all_glibc-ld-audit-setuid.patch
31
32
33
34
35 1.1 src/patchsets/glibc/2.11.2/0061_all_glibc-double-expansion.patch
36
37 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.11.2/0061_all_glibc-double-expansion.patch?rev=1.1&view=markup
38 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.11.2/0061_all_glibc-double-expansion.patch?rev=1.1&content-type=text/plain
39
40 Index: 0061_all_glibc-double-expansion.patch
41 ===================================================================
42 From 22cd1c9bcf57c5829d65b6da825f7a459d40c9eb Mon Sep 17 00:00:00 2001
43 From: Andreas Schwab <schwab@××××××.com>
44 Date: Sun, 24 Oct 2010 20:40:14 -0400
45 Subject: [PATCH] Don't expand DST twice in dl_open
46
47 ---
48 ChangeLog | 5 +++++
49 elf/dl-open.c | 29 -----------------------------
50 2 files changed, 5 insertions(+), 29 deletions(-)
51
52 diff --git a/elf/dl-open.c b/elf/dl-open.c
53 index 754a263..c394b3f 100644
54 --- a/elf/dl-open.c
55 +++ b/elf/dl-open.c
56 @@ -221,35 +221,6 @@ dl_open_worker (void *a)
57
58 assert (_dl_debug_initialize (0, args->nsid)->r_state == RT_CONSISTENT);
59
60 - /* Maybe we have to expand a DST. */
61 - if (__builtin_expect (dst != NULL, 0))
62 - {
63 - size_t len = strlen (file);
64 -
65 - /* Determine how much space we need. We have to allocate the
66 - memory locally. */
67 - size_t required = DL_DST_REQUIRED (call_map, file, len,
68 - _dl_dst_count (dst, 0));
69 -
70 - /* Get space for the new file name. */
71 - char *new_file = (char *) alloca (required + 1);
72 -
73 - /* Generate the new file name. */
74 - _dl_dst_substitute (call_map, file, new_file, 0);
75 -
76 - /* If the substitution failed don't try to load. */
77 - if (*new_file == '\0')
78 - _dl_signal_error (0, "dlopen", NULL,
79 - N_("empty dynamic string token substitution"));
80 -
81 - /* Now we have a new file name. */
82 - file = new_file;
83 -
84 - /* It does not matter whether call_map is set even if we
85 - computed it only because of the DST. Since the path contains
86 - a slash the value is not used. See dl-load.c. */
87 - }
88 -
89 /* Load the named object. */
90 struct link_map *new;
91 args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
92 --
93 1.7.2
94
95
96
97
98 1.1 src/patchsets/glibc/2.11.2/0062_all_glibc-no-ORIGIN-setuid.patch
99
100 file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.11.2/0062_all_glibc-no-ORIGIN-setuid.patch?rev=1.1&view=markup
101 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.11.2/0062_all_glibc-no-ORIGIN-setuid.patch?rev=1.1&content-type=text/plain
102
103 Index: 0062_all_glibc-no-ORIGIN-setuid.patch
104 ===================================================================
105 From: Andreas Schwab <schwab at redhat dot com>
106 Subject: [PATCH] Never expand $ORIGIN in privileged programs
107 Date: Mon, 18 Oct 2010 15:12:09 +0200
108
109 Path elements containing $ORIGIN should always be ignored in privileged
110 programs.
111
112 Andreas.
113
114 2010-10-18 Andreas Schwab <schwab@××××××.com>
115
116 * elf/dl-load.c (is_dst): Remove last parameter.
117 (_dl_dst_count): Ignore $ORIGIN in privileged programs.
118 (_dl_dst_substitute): Likewise.
119 ---
120 elf/dl-load.c | 30 +++++++++++++-----------------
121 1 files changed, 13 insertions(+), 17 deletions(-)
122
123 diff --git a/elf/dl-load.c b/elf/dl-load.c
124 index a7162eb..776f7e4 100644
125 --- a/elf/dl-load.c
126 +++ b/elf/dl-load.c
127 @@ -169,8 +169,7 @@ local_strdup (const char *s)
128
129
130 static size_t
131 -is_dst (const char *start, const char *name, const char *str,
132 - int is_path, int secure)
133 +is_dst (const char *start, const char *name, const char *str, int is_path)
134 {
135 size_t len;
136 bool is_curly = false;
137 @@ -199,11 +198,6 @@ is_dst (const char *start, const char *name, const char *str,
138 && (!is_path || name[len] != ':'))
139 return 0;
140
141 - if (__builtin_expect (secure, 0)
142 - && ((name[len] != '\0' && (!is_path || name[len] != ':'))
143 - || (name != start + 1 && (!is_path || name[-2] != ':'))))
144 - return 0;
145 -
146 return len;
147 }
148
149 @@ -218,13 +212,12 @@ _dl_dst_count (const char *name, int is_path)
150 {
151 size_t len;
152
153 - /* $ORIGIN is not expanded for SUID/GUID programs (except if it
154 - is $ORIGIN alone) and it must always appear first in path. */
155 + /* $ORIGIN is not expanded for SUID/GUID programs. */
156 ++name;
157 - if ((len = is_dst (start, name, "ORIGIN", is_path,
158 - INTUSE(__libc_enable_secure))) != 0
159 - || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
160 - || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
161 + if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0
162 + && !INTUSE(__libc_enable_secure))
163 + || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
164 + || (len = is_dst (start, name, "LIB", is_path)) != 0)
165 ++cnt;
166
167 name = strchr (name + len, '$');
168 @@ -256,9 +249,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
169 size_t len;
170
171 ++name;
172 - if ((len = is_dst (start, name, "ORIGIN", is_path,
173 - INTUSE(__libc_enable_secure))) != 0)
174 + if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
175 {
176 + /* Ignore this path element in SUID/SGID programs. */
177 + if (INTUSE(__libc_enable_secure))
178 + repl = (const char *) -1;
179 + else
180 #ifndef SHARED
181 if (l == NULL)
182 repl = _dl_get_origin ();
183 @@ -266,9 +262,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
184 #endif
185 repl = l->l_origin;
186 }
187 - else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
188 + else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
189 repl = GLRO(dl_platform);
190 - else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
191 + else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
192 repl = DL_DST_LIB;
193
194 if (repl != NULL && repl != (const char *) -1)
195 --
196 1.7.2.3
197
198
199 --
200 Andreas Schwab, schwab@××××××.com
201 GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84 5EC7 45C6 250E 6F00 984E
202 "And now for something completely different."