Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-libs/libcgroup/files
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2018-08-22 20:17:31 -0400
committerAnthony G. Basile <blueness@gentoo.org>2018-08-22 20:17:31 -0400
commit33e9f4c81de754bbf76b893ea1133ed023f2a0e5 (patch)
tree968c11fd875fbee0e98d7fe3f47a5ab85e633f34 /dev-libs/libcgroup/files
parentsys-kernel/gentoo-sources: Linux patch 4.4.151 (diff)
downloadgentoo-33e9f4c81de754bbf76b893ea1133ed023f2a0e5.tar.gz
gentoo-33e9f4c81de754bbf76b893ea1133ed023f2a0e5.tar.bz2
gentoo-33e9f4c81de754bbf76b893ea1133ed023f2a0e5.zip
dev-libs/libcgroup: address CVE-2018-14348, bug #664324
Package-Manager: Portage-2.3.40, Repoman-2.3.9
Diffstat (limited to 'dev-libs/libcgroup/files')
-rw-r--r--dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch b/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch
new file mode 100644
index 000000000000..42286ae8785f
--- /dev/null
+++ b/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch
@@ -0,0 +1,28 @@
+commit 0d88b73d189ea3440ccaab00418d6469f76fa590
+Author: Michal Hocko <mhocko@suse.com>
+Date: Wed Jul 18 11:24:29 2018 +0200
+
+ cgrulesengd: remove umask(0)
+
+ One of our partners has noticed that cgred daemon is creating a log file
+ (/var/log/cgred) with too wide permissions (0666) and that is seen as
+ a security bug because an untrusted user can write to otherwise
+ restricted area. CVE-2018-14348 has been assigned to this issue.
+
+ Signed-off-by: Michal Hocko <mhocko@suse.com>
+ Acked-by: Balbir Singh <bsingharora@gmail.com>
+
+diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
+index ea51f11..0d288f3 100644
+--- a/src/daemon/cgrulesengd.c
++++ b/src/daemon/cgrulesengd.c
+@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
+ } else if (pid > 0) {
+ exit(EXIT_SUCCESS);
+ }
+-
+- /* Change the file mode mask. */
+- umask(0);
+ } else {
+ flog(LOG_DEBUG, "Not using daemon mode\n");
+ pid = getpid();