import fapolicyd-1.1.3-8.el8_7.1
parent
e01032db0f
commit
111b19ec94
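--- a/SOURCES/fapolicyd-static-app.patch
+++ b/SOURCES/fapolicyd-static-app.patch
@@ -0,0 +1,22 @@
+From 67c116d07ed4e73127392a2100a042882488585a Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Tue, 27 Sep 2022 10:32:28 -0400
+Subject: [PATCH] Detect trusted static apps running programs by ld.so
+
+---
+ChangeLog | 1 +
+src/library/event.c | 1 -
+2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/library/event.c b/src/library/event.c
+index cbb4292..4d79eb9 100644
+--- a/src/library/event.c
++++ b/src/library/event.c
+@@ -149,7 +149,6 @@ int new_event(const struct fanotify_event_metadata *m, event_t *e)
+skip_path = 1;
+}
+evict = 0;
+- skip_path = 1;
+subject_reset(s, EXE);
+subject_reset(s, COMM);
+subject_reset(s, EXE_TYPE);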
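Review bot: The embedded event.c hunk drops the unconditional `skip_path = 1;` after `evict = 0;` without leaving a comment, so nothing at that spot records that `skip_path` is now meant to be set only inside the preceding conditional. The spec ties this change to rhbz#2137251 (a statically linked app executing an untrusted app), so reintroducing the line during a later rebase would presumably restore that bypass without any visible warning; a short comment above `evict = 0;` such as `/* do not force skip_path here; see rhbz#2137251 */` would guard against it. The patch header's diffstat still lists `ChangeLog | 1 +` and "2 files changed", but only the event.c hunk is carried, so the header should be trimmed or annotated to show the ChangeLog hunk was dropped deliberately. new_event's body starts and ends outside the hunk, so the condition guarding the remaining `skip_path = 1;` cannot be checked from here.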
@ -5,7 +5,7 @@
|
||||
Summary: Application Whitelisting Daemon
|
||||
Name: fapolicyd
|
||||
Version: 1.1.3
|
||||
Release: 8%{?dist}
|
||||
Release: 8%{?dist}.1
|
||||
License: GPLv3+
|
||||
URL: http://people.redhat.com/sgrubb/fapolicyd
|
||||
Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
|
||||
@ -40,6 +40,9 @@ Patch7: fapolicyd-cli-segfault.patch
|
||||
Patch8: fapolicyd-sighup.patch
|
||||
Patch9: fapolicyd-readme.patch
|
||||
|
||||
# 2137251 - statically linked app can execute untrusted app [rhel-8.7.0.z]
|
||||
Patch10: fapolicyd-static-app.patch
|
||||
|
||||
%description
|
||||
Fapolicyd (File Access Policy Daemon) implements application whitelisting
|
||||
to decide file access rights. Applications that are known via a reputation
|
||||
@ -75,6 +78,8 @@ The %{name}-selinux package contains selinux policy for the %{name} daemon.
|
||||
%patch8 -p1 -b .sighup
|
||||
%patch9 -p1 -b .readme
|
||||
|
||||
%patch10 -p1 -b .static
|
||||
|
||||
# generate rules for python
|
||||
sed -i "s|%python2_path%|`readlink -f %{__python2}`|g" rules.d/*.rules
|
||||
sed -i "s|%python3_path%|`readlink -f %{__python3}`|g" rules.d/*.rules
|
||||
@ -262,6 +267,11 @@ fi
|
||||
%selinux_relabel_post -s %{selinuxtype}
|
||||
|
||||
%changelog
|
||||
* Wed Oct 26 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-8.1
|
||||
RHEL 8.7.0.Z ERRATUM
|
||||
- statically linked app can execute untrusted app
|
||||
Resolves: rhbz#2137251
|
||||
|
||||
* Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-8
|
||||
RHEL 8.7.0 ERRATUM
|
||||
- rebase fapolicyd to the latest stable vesion
|
||||
|
||||