Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch')
-rw-r--r--app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch75
1 files changed, 75 insertions, 0 deletions
diff --git a/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch b/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch
new file mode 100644
index 000000000000..73432d412faf
--- /dev/null
+++ b/app-emulation/xen-tools/files/xen-tools-3.0.4_p1-pygrub-security-fix.patch
@@ -0,0 +1,75 @@
+Protect pygrub from possible malicious content in guest grub
+config file. This fixes CVE-2007-4993. Original patch from
+Jeremy Katz, I updated to close 2 remaining issues pointed out
+by Christian and Keir, and to use setattr(self, ...).
+
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+
+(Tweeked for Xen 3.0.4)
+---
+diff -r a00cc97b392a tools/pygrub/src/GrubConf.py
+--- a/tools/pygrub/src/GrubConf.py Wed Sep 12 09:43:33 2007 +0100
++++ b/tools/pygrub/src/GrubConf.py Mon Sep 24 12:43:19 2007 -0700
+@@ -101,7 +101,7 @@ class GrubImage(object):
+
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored image directive %s" %(com,))
+ else:
+@@ -142,11 +142,11 @@ class GrubImage(object):
+ initrd = property(get_initrd, set_initrd)
+
+ # set up command handlers
+- commands = { "title": "self.title",
+- "root": "self.root",
+- "rootnoverify": "self.root",
+- "kernel": "self.kernel",
+- "initrd": "self.initrd",
++ commands = { "title": "title",
++ "root": "root",
++ "rootnoverify": "root",
++ "kernel": "kernel",
++ "initrd": "initrd",
+ "chainloader": None,
+ "module": None}
+
+@@ -195,7 +195,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(l, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -208,7 +208,7 @@ class GrubConfigFile(object):
+ (com, arg) = grub_exact_split(line, 2)
+ if self.commands.has_key(com):
+ if self.commands[com] is not None:
+- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
++ setattr(self, self.commands[com], arg.strip())
+ else:
+ logging.info("Ignored directive %s" %(com,))
+ else:
+@@ -236,12 +236,12 @@ class GrubConfigFile(object):
+ splash = property(get_splash, set_splash)
+
+ # set up command handlers
+- commands = { "default": "self.default",
+- "timeout": "self.timeout",
+- "fallback": "self.fallback",
+- "hiddenmenu": "self.hiddenmenu",
+- "splashimage": "self.splash",
+- "password": "self.password" }
++ commands = { "default": "default",
++ "timeout": "timeout",
++ "fallback": "fallback",
++ "hiddenmenu": "hiddenmenu",
++ "splashimage": "splash",
++ "password": "password" }
+ for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
+ "pager", "partnew", "parttype", "rarp", "serial",
+ "setkey", "terminal", "terminfo", "tftpserver", "unhide"):