summaryrefslogtreecommitdiff
path: root/sys-fs
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2009-10-30 07:01:35 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2009-10-30 07:01:35 +0000
commit5a6cc37c37c15d6b24b9da038796c6522f7f43d2 (patch)
treea496bcfb2dd1a0f351bfbf7107cf7c7c0a5ee1df /sys-fs
parentUpstream is a slacker and has not made a release in 2+ years despite being ac... (diff)
downloadgentoo-2-5a6cc37c37c15d6b24b9da038796c6522f7f43d2.tar.gz
gentoo-2-5a6cc37c37c15d6b24b9da038796c6522f7f43d2.tar.bz2
gentoo-2-5a6cc37c37c15d6b24b9da038796c6522f7f43d2.zip
Missed one more patch, bug #264564, fix for CVE-2009-0115.
(Portage version: 2.2_rc46/cvs/Linux x86_64)
Diffstat (limited to 'sys-fs')
-rw-r--r--sys-fs/multipath-tools/ChangeLog7
-rw-r--r--sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch29
-rw-r--r--sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild4
3 files changed, 38 insertions, 2 deletions
diff --git a/sys-fs/multipath-tools/ChangeLog b/sys-fs/multipath-tools/ChangeLog
index 315e1c7aca0c..eefb0f5edef8 100644
--- a/sys-fs/multipath-tools/ChangeLog
+++ b/sys-fs/multipath-tools/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for sys-fs/multipath-tools
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/multipath-tools/ChangeLog,v 1.27 2009/10/30 06:50:12 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/multipath-tools/ChangeLog,v 1.28 2009/10/30 07:01:35 robbat2 Exp $
+
+ 30 Oct 2009; Robin H. Johnson <robbat2@gentoo.org>
+ multipath-tools-0.4.8-r1.ebuild,
+ +files/multipath-tools-0.4.8-socket-cve-2009-0115.patch:
+ Missed one more patch, bug #264564, fix for CVE-2009-0115.
*multipath-tools-0.4.8-r1 (30 Oct 2009)
diff --git a/sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch b/sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch
new file mode 100644
index 000000000000..deab7620657d
--- /dev/null
+++ b/sys-fs/multipath-tools/files/multipath-tools-0.4.8-socket-cve-2009-0115.patch
@@ -0,0 +1,29 @@
+From: Hannes Reinecke <hare@suse.de>
+Date: Wed, 1 Apr 2009 20:31:01 +0000 (+0200)
+Subject: [multipathd] /var/run/multipathd.sock is world-writable
+X-Git-Url: http://git.kernel.org/gitweb.cgi?p=linux%2Fstorage%2Fmultipath-tools%2F.git;a=commitdiff_plain;h=0a0319d381249760c71023edbe0ac9c093bb4a74;hp=15d4bdddcb9b71e0ec6fecc3c37a1b8cae8f51ff
+
+[multipathd] /var/run/multipathd.sock is world-writable
+
+Due to an stray 'umask()' the socket file is in fact world-writable,
+allowing for an easy exploit.
+
+References: 458598
+---
+
+diff --git a/multipathd/main.c b/multipathd/main.c
+index 8a1a63d..9957f1f 100644
+--- a/multipathd/main.c
++++ b/multipathd/main.c
+@@ -1454,8 +1454,9 @@ daemonize(void)
+
+ close(in_fd);
+ close(out_fd);
+- chdir("/");
+- umask(0);
++ if (chdir("/") < 0)
++ fprintf(stderr, "cannot chdir to '/', continuing\n");
++
+ return 0;
+ }
+
diff --git a/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild b/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild
index 24126b09f986..1db3527e9982 100644
--- a/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild
+++ b/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild,v 1.1 2009/10/30 06:50:12 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/multipath-tools/multipath-tools-0.4.8-r1.ebuild,v 1.2 2009/10/30 07:01:35 robbat2 Exp $
EAPI=2
inherit eutils toolchain-funcs
@@ -28,6 +28,8 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-0.4.8-udev-scsi_id-changes.patch
# Patch per upstream tree for 1GiB limit of kpartx
epatch "${FILESDIR}"/${PN}-0.4.8-r1-kpartx.patch
+ # CVE-2009-0115, world writable socket
+ epatch "${FILESDIR}"/${PN}-0.4.8-socket-cve-2009-0115.patch
}
src_compile() {