diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2016-06-30 20:26:57 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 23:31:18 +0200 |
commit | d31c50870d0bee042ce660e445c9294a59a3a65b (patch) | |
tree | 6bfc0de3c95267b401b620c2c67859557dc60f97 /source/l/glibc/glibc.CVE-2013-2207.diff | |
parent | 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (diff) | |
download | current-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.gz |
Slackware 14.2slackware-14.2
Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!
The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2. The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system. Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Have fun! :-)
Diffstat (limited to 'source/l/glibc/glibc.CVE-2013-2207.diff')
-rw-r--r-- | source/l/glibc/glibc.CVE-2013-2207.diff | 241 |
1 files changed, 0 insertions, 241 deletions
diff --git a/source/l/glibc/glibc.CVE-2013-2207.diff b/source/l/glibc/glibc.CVE-2013-2207.diff deleted file mode 100644 index c43ccf5c..00000000 --- a/source/l/glibc/glibc.CVE-2013-2207.diff +++ /dev/null @@ -1,241 +0,0 @@ -From 5d96012d9978efe4bad88a38e2efcbeada9f7585 Mon Sep 17 00:00:00 2001 -From: mancha <mancha1@hush.com> -Date: Thu, 22 Aug 2013 -Subject: CVE-2013-2207, BZ #15755: Disable pt_chown. - -Using the setuid installed pt_chown and a weak check on whether a file -descriptor is a tty, an attacker could fake a pty check using FUSE and -trick pt_chown to grant ownership of a pty descriptor that the current -user does not own. It cannot access /dev/pts/ptmx however. - -Pre-conditions for the attack: - - * Attacker with local user account - * Kernel with FUSE support - * "user_allow_other" in /etc/fuse.conf - * Victim with allocated slave in /dev/pts - -In most modern distributions pt_chown is not needed because devpts -is enabled by default. The fix for this CVE is to disable building -and using pt_chown by default. We still provide a configure option -to enable the use of pt_chown but distributions do so at their own -risk. - ---- -This patch was adapted for glibc 2.17 point release from: -http://sourceware.org/git/?p=glibc.git;a=commit;h=e4608715e6e1 ---- - - INSTALL | 12 ++++++++++++ - config.h.in | 3 +++ - config.make.in | 1 + - configure | 15 +++++++++++++++ - configure.in | 10 ++++++++++ - login/Makefile | 8 +++++++- - manual/install.texi | 14 ++++++++++++++ - sysdeps/unix/grantpt.c | 8 +++++--- - sysdeps/unix/sysv/linux/grantpt.c | 5 +++-- - 9 files changed, 70 insertions(+), 6 deletions(-) ---- - ---- a/INSTALL -+++ b/INSTALL -@@ -128,6 +128,18 @@ will be used, and CFLAGS sets optimizati - this can be prevented though there generally is no reason since it - creates compatibility problems. - -+`--enable-pt_chown' -+ The file `pt_chown' is a helper binary for `grantpt' (*note -+ Pseudo-Terminals: Allocation.) that is installed setuid root to -+ fix up pseudo-terminal ownership. It is not built by default -+ because systems using the Linux kernel are commonly built with the -+ `devpts' filesystem enabled and mounted at `/dev/pts', which -+ manages pseudo-terminal ownership automatically. By using -+ `--enable-pt_chown', you may build `pt_chown' and install it -+ setuid and owned by `root'. The use of `pt_chown' introduces -+ additional security risks to the system and you should enable it -+ only if you understand and accept those risks. -+ - `--build=BUILD-SYSTEM' - `--host=HOST-SYSTEM' - These options are for cross-compiling. If you specify both ---- a/config.h.in -+++ b/config.h.in -@@ -232,4 +232,7 @@ - /* The ARM hard-float ABI is being used. */ - #undef HAVE_ARM_PCS_VFP - -+/* The pt_chown binary is being built and used by grantpt. */ -+#undef HAVE_PT_CHOWN -+ - #endif ---- a/config.make.in -+++ b/config.make.in -@@ -101,6 +101,7 @@ force-install = @force_install@ - link-obsolete-rpc = @link_obsolete_rpc@ - build-nscd = @build_nscd@ - use-nscd = @use_nscd@ -+build-pt-chown = @build_pt_chown@ - - # Build tools. - CC = @CC@ ---- a/configure -+++ b/configure -@@ -653,6 +653,7 @@ multi_arch - base_machine - add_on_subdirs - add_ons -+build_pt_chown - build_nscd - link_obsolete_rpc - libc_cv_nss_crypt -@@ -759,6 +760,7 @@ enable_obsolete_rpc - enable_systemtap - enable_build_nscd - enable_nscd -+enable_pt_chown - with_cpu - ' - ac_precious_vars='build_alias -@@ -1419,6 +1421,7 @@ Optional Features: - --enable-systemtap enable systemtap static probe points [default=no] - --disable-build-nscd disable building and installing the nscd daemon - --disable-nscd library functions will not contact the nscd daemon -+ --enable-pt_chown Enable building and installing pt_chown - - Optional Packages: - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] -@@ -3933,6 +3936,18 @@ else - use_nscd=yes - fi - -+# Check whether --enable-pt_chown was given. -+if test "${enable_pt_chown+set}" = set; then : -+ enableval=$enable_pt_chown; build_pt_chown=$enableval -+else -+ build_pt_chown=no -+fi -+ -+ -+if test $build_pt_chown = yes; then -+ $as_echo "#define HAVE_PT_CHOWN 1" >>confdefs.h -+ -+fi - - # The way shlib-versions is used to generate soversions.mk uses a - # fairly simplistic model for name recognition that can't distinguish ---- a/configure.in -+++ b/configure.in -@@ -315,6 +315,16 @@ AC_ARG_ENABLE([nscd], - [use_nscd=$enableval], - [use_nscd=yes]) - -+AC_ARG_ENABLE([pt_chown], -+ [AS_HELP_STRING([--enable-pt_chown], -+ [Enable building and installing pt_chown])], -+ [build_pt_chown=$enableval], -+ [build_pt_chown=no]) -+AC_SUBST(build_pt_chown) -+if test $build_pt_chown = yes; then -+ AC_DEFINE(HAVE_PT_CHOWN) -+fi -+ - # The way shlib-versions is used to generate soversions.mk uses a - # fairly simplistic model for name recognition that can't distinguish - # i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os ---- a/login/Makefile -+++ b/login/Makefile -@@ -29,9 +29,15 @@ routines := getutent getutent_r getutid - - CFLAGS-grantpt.c = -DLIBEXECDIR='"$(libexecdir)"' - --others = utmpdump pt_chown -+others = utmpdump -+ -+include ../Makeconfig -+ -+ifeq (yes,$(build-pt-chown)) -+others += pt_chown - others-pie = pt_chown - install-others-programs = $(inst_libexecdir)/pt_chown -+endif - - subdir-dirs = programs - vpath %.c programs ---- a/manual/install.texi -+++ b/manual/install.texi -@@ -155,6 +155,20 @@ if the used tools support it. By using - prevented though there generally is no reason since it creates - compatibility problems. - -+@pindex pt_chown -+@findex grantpt -+@item --enable-pt_chown -+The file @file{pt_chown} is a helper binary for @code{grantpt} -+(@pxref{Allocation, Pseudo-Terminals}) that is installed setuid root to -+fix up pseudo-terminal ownership. It is not built by default because -+systems using the Linux kernel are commonly built with the @code{devpts} -+filesystem enabled and mounted at @file{/dev/pts}, which manages -+pseudo-terminal ownership automatically. By using -+@samp{--enable-pt_chown}, you may build @file{pt_chown} and install it -+setuid and owned by @code{root}. The use of @file{pt_chown} introduces -+additional security risks to the system and you should enable it only if -+you understand and accept those risks. -+ - @item --build=@var{build-system} - @itemx --host=@var{host-system} - These options are for cross-compiling. If you specify both options and ---- a/sysdeps/unix/grantpt.c -+++ b/sysdeps/unix/grantpt.c -@@ -173,9 +173,10 @@ grantpt (int fd) - retval = 0; - goto cleanup; - -- /* We have to use the helper program. */ -+ /* We have to use the helper program if it is available.. */ - helper:; - -+#ifdef HAVE_PT_CHOWN - pid_t pid = __fork (); - if (pid == -1) - goto cleanup; -@@ -190,9 +191,9 @@ grantpt (int fd) - if (__dup2 (fd, PTY_FILENO) < 0) - _exit (FAIL_EBADF); - --#ifdef CLOSE_ALL_FDS -+# ifdef CLOSE_ALL_FDS - CLOSE_ALL_FDS (); --#endif -+# endif - - execle (_PATH_PT_CHOWN, basename (_PATH_PT_CHOWN), NULL, NULL); - _exit (FAIL_EXEC); -@@ -231,6 +232,7 @@ grantpt (int fd) - assert(! "getpt: internal error: invalid exit code from pt_chown"); - } - } -+#endif - - cleanup: - if (buf != _buf) ---- a/sysdeps/unix/sysv/linux/grantpt.c -+++ b/sysdeps/unix/sysv/linux/grantpt.c -@@ -11,7 +11,7 @@ - - #include "pty-private.h" - -- -+#if HAVE_PT_CHOWN - /* Close all file descriptors except the one specified. */ - static void - close_all_fds (void) -@@ -38,6 +38,7 @@ close_all_fds (void) - __dup2 (STDOUT_FILENO, STDERR_FILENO); - } - } --#define CLOSE_ALL_FDS() close_all_fds() -+# define CLOSE_ALL_FDS() close_all_fds() -+#endif - - #include <sysdeps/unix/grantpt.c> |