Fix insecure permissions on multipathd.sock (CVE-2009-0115)

This commit is contained in:
Milan Broz 2009-04-07 19:39:27 +00:00
parent 8f7403ae6d
commit b3b10f9bcf
2 changed files with 23 additions and 1 deletions

View File

@ -1,7 +1,7 @@
Summary: Tools to manage multipath devices using device-mapper Summary: Tools to manage multipath devices using device-mapper
Name: device-mapper-multipath Name: device-mapper-multipath
Version: 0.4.8 Version: 0.4.8
Release: 9%{?dist} Release: 10%{?dist}
License: GPL+ License: GPL+
Group: System Environment/Base Group: System Environment/Base
URL: http://christophe.varoqui.free.fr/ URL: http://christophe.varoqui.free.fr/
@ -20,6 +20,7 @@ Patch10: fix_devt.patch
Patch11: directio_message_cleanup.patch Patch11: directio_message_cleanup.patch
Patch12: binding_error.patch Patch12: binding_error.patch
Patch13: fix_kpartx.patch Patch13: fix_kpartx.patch
Patch14: fix_umask.patch
Requires: kpartx = %{version}-%{release} Requires: kpartx = %{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(post): chkconfig Requires(post): chkconfig
@ -60,6 +61,7 @@ kpartx manages partition creation and removal for device-mapper devices.
%patch11 -p1 -b .directio_message %patch11 -p1 -b .directio_message
%patch12 -p1 -b .binding_error %patch12 -p1 -b .binding_error
%patch13 -p1 -b .ext_part %patch13 -p1 -b .ext_part
%patch14 -p1 -b .umask
%build %build
make %{?_smp_mflags} DESTDIR=$RPM_BUILD_ROOT make %{?_smp_mflags} DESTDIR=$RPM_BUILD_ROOT
@ -111,6 +113,9 @@ fi
%{_mandir}/man8/kpartx.8.gz %{_mandir}/man8/kpartx.8.gz
%changelog %changelog
* Thu Apr 7 2009 Milan Broz <mbroz@redhat.com> - 0.4.8-10
- Fix insecure permissions on multipathd.sock (CVE-2009-0115)
* Fri Mar 6 2009 Milan Broz <mbroz@redhat.com> - 0.4.8-9 * Fri Mar 6 2009 Milan Broz <mbroz@redhat.com> - 0.4.8-9
- Fix kpartx extended partition handling (475283) - Fix kpartx extended partition handling (475283)

17
fix_umask.patch Normal file
View File

@ -0,0 +1,17 @@
--- multipath-tools.old/multipathd/main.c 2009-04-02 12:22:37.000000000 +0200
+++ multipath-tools/multipathd/main.c 2009-04-02 12:25:13.000000000 +0200
@@ -718,6 +718,7 @@ uxlsnrloop (void * ap)
set_handler_callback(REINSTATE+PATH, cli_reinstate);
set_handler_callback(FAIL+PATH, cli_fail);
+ umask(077);
uxsock_listen(&uxsock_trigger, ap);
return NULL;
@@ -1436,7 +1437,6 @@ daemonize(void)
close(in_fd);
close(out_fd);
chdir("/");
- umask(0);
return 0;
}