- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)
This commit is contained in:
Nalin Dahyabhai
parent
8c4df25456
commit
2bc5a13d2a
269
2006-001-patch_1.5.txt
Normal file
269
2006-001-patch_1.5.txt
Normal file
@ -0,0 +1,269 @@
|
||||
Index: appl/gssftp/ftpd/ftpd.c
|
||||
===================================================================
|
||||
*** appl/gssftp/ftpd/ftpd.c (revision 18419)
|
||||
--- appl/gssftp/ftpd/ftpd.c (working copy)
|
||||
***************
|
||||
*** 1367,1373 ****
|
||||
goto bad;
|
||||
sleep(tries);
|
||||
}
|
||||
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||
#ifdef IP_TOS
|
||||
#ifdef IPTOS_THROUGHPUT
|
||||
on = IPTOS_THROUGHPUT;
|
||||
--- 1367,1375 ----
|
||||
goto bad;
|
||||
sleep(tries);
|
||||
}
|
||||
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
||||
! fatal("seteuid user");
|
||||
! }
|
||||
#ifdef IP_TOS
|
||||
#ifdef IPTOS_THROUGHPUT
|
||||
on = IPTOS_THROUGHPUT;
|
||||
***************
|
||||
*** 1377,1383 ****
|
||||
#endif
|
||||
return (fdopen(s, fmode));
|
||||
bad:
|
||||
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||
(void) close(s);
|
||||
return (NULL);
|
||||
}
|
||||
--- 1379,1387 ----
|
||||
#endif
|
||||
return (fdopen(s, fmode));
|
||||
bad:
|
||||
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
||||
! fatal("seteuid user");
|
||||
! }
|
||||
(void) close(s);
|
||||
return (NULL);
|
||||
}
|
||||
***************
|
||||
*** 2186,2192 ****
|
||||
(void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||
goto pasv_error;
|
||||
}
|
||||
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||
len = sizeof(pasv_addr);
|
||||
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
|
||||
goto pasv_error;
|
||||
--- 2190,2198 ----
|
||||
(void) krb5_seteuid((uid_t)pw->pw_uid);
|
||||
goto pasv_error;
|
||||
}
|
||||
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
||||
! fatal("seteuid user");
|
||||
! }
|
||||
len = sizeof(pasv_addr);
|
||||
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
|
||||
goto pasv_error;
|
||||
Index: appl/bsd/v4rcp.c
|
||||
===================================================================
|
||||
*** appl/bsd/v4rcp.c (revision 18419)
|
||||
--- appl/bsd/v4rcp.c (working copy)
|
||||
***************
|
||||
*** 436,442 ****
|
||||
kstream_set_buffer_mode (krem, 0);
|
||||
#endif /* KERBEROS && !NOENCRYPTION */
|
||||
(void) response();
|
||||
! (void) setuid(userid);
|
||||
source(--argc, ++argv);
|
||||
exit(errs);
|
||||
|
||||
--- 436,445 ----
|
||||
kstream_set_buffer_mode (krem, 0);
|
||||
#endif /* KERBEROS && !NOENCRYPTION */
|
||||
(void) response();
|
||||
! if (setuid(userid)) {
|
||||
! error("rcp: can't setuid(user)\n");
|
||||
! exit(1);
|
||||
! }
|
||||
source(--argc, ++argv);
|
||||
exit(errs);
|
||||
|
||||
***************
|
||||
*** 452,458 ****
|
||||
krem = kstream_create_from_fd (rem, 0, 0);
|
||||
kstream_set_buffer_mode (krem, 0);
|
||||
#endif /* KERBEROS && !NOENCRYPTION */
|
||||
! (void) setuid(userid);
|
||||
sink(--argc, ++argv);
|
||||
exit(errs);
|
||||
|
||||
--- 455,464 ----
|
||||
krem = kstream_create_from_fd (rem, 0, 0);
|
||||
kstream_set_buffer_mode (krem, 0);
|
||||
#endif /* KERBEROS && !NOENCRYPTION */
|
||||
! if (setuid(userid)) {
|
||||
! error("rcp: can't setuid(user)\n");
|
||||
! exit(1);
|
||||
! }
|
||||
sink(--argc, ++argv);
|
||||
exit(errs);
|
||||
|
||||
Index: appl/bsd/krcp.c
|
||||
===================================================================
|
||||
*** appl/bsd/krcp.c (revision 18419)
|
||||
--- appl/bsd/krcp.c (working copy)
|
||||
***************
|
||||
*** 620,626 ****
|
||||
|
||||
euid = geteuid();
|
||||
if (euid == 0) {
|
||||
! (void) setuid(0);
|
||||
if(krb5_seteuid(userid)) {
|
||||
perror("rcp seteuid user"); errs++; exit(errs);
|
||||
}
|
||||
--- 620,628 ----
|
||||
|
||||
euid = geteuid();
|
||||
if (euid == 0) {
|
||||
! if (setuid(0)) {
|
||||
! perror("rcp setuid 0"); errs++; exit(errs);
|
||||
! }
|
||||
if(krb5_seteuid(userid)) {
|
||||
perror("rcp seteuid user"); errs++; exit(errs);
|
||||
}
|
||||
***************
|
||||
*** 638,648 ****
|
||||
continue;
|
||||
rcmd_stream_init_normal();
|
||||
#ifdef HAVE_SETREUID
|
||||
! (void) setreuid(0, userid);
|
||||
sink(1, argv+argc-1);
|
||||
! (void) setreuid(userid, 0);
|
||||
#else
|
||||
! (void) setuid(0);
|
||||
if(seteuid(userid)) {
|
||||
perror("rcp seteuid user"); errs++; exit(errs);
|
||||
}
|
||||
--- 640,656 ----
|
||||
continue;
|
||||
rcmd_stream_init_normal();
|
||||
#ifdef HAVE_SETREUID
|
||||
! if (setreuid(0, userid)) {
|
||||
! perror("rcp setreuid 0,user"); errs++; exit(errs);
|
||||
! }
|
||||
sink(1, argv+argc-1);
|
||||
! if (setreuid(userid, 0)) {
|
||||
! perror("rcp setreuid user,0"); errs++; exit(errs);
|
||||
! }
|
||||
#else
|
||||
! if (setuid(0)) {
|
||||
! perror("rcp setuid 0"); errs++; exit(errs);
|
||||
! }
|
||||
if(seteuid(userid)) {
|
||||
perror("rcp seteuid user"); errs++; exit(errs);
|
||||
}
|
||||
Index: appl/bsd/login.c
|
||||
===================================================================
|
||||
*** appl/bsd/login.c (revision 18419)
|
||||
--- appl/bsd/login.c (working copy)
|
||||
***************
|
||||
*** 1648,1654 ****
|
||||
}
|
||||
#endif /* HAVE_SETLUID */
|
||||
#ifdef _IBMR2
|
||||
! setuidx(ID_LOGIN, pwd->pw_uid);
|
||||
#endif
|
||||
|
||||
/* This call MUST succeed */
|
||||
--- 1648,1657 ----
|
||||
}
|
||||
#endif /* HAVE_SETLUID */
|
||||
#ifdef _IBMR2
|
||||
! if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
|
||||
! perror("setuidx");
|
||||
! sleepexit(1);
|
||||
! };
|
||||
#endif
|
||||
|
||||
/* This call MUST succeed */
|
||||
Index: appl/bsd/krshd.c
|
||||
===================================================================
|
||||
*** appl/bsd/krshd.c (revision 18419)
|
||||
--- appl/bsd/krshd.c (working copy)
|
||||
***************
|
||||
*** 1403,1411 ****
|
||||
* If we're on a system which keeps track of login uids, then
|
||||
* set the login uid.
|
||||
*/
|
||||
! setluid((uid_t) pwd->pw_uid);
|
||||
#endif /* HAVE_SETLUID */
|
||||
! (void) setuid((uid_t)pwd->pw_uid);
|
||||
/* if TZ is set in the parent, drag it in */
|
||||
{
|
||||
char **findtz = environ;
|
||||
--- 1403,1417 ----
|
||||
* If we're on a system which keeps track of login uids, then
|
||||
* set the login uid.
|
||||
*/
|
||||
! if (setluid((uid_t) pwd->pw_uid) < 0) {
|
||||
! perror("setluid");
|
||||
! _exit(1);
|
||||
! }
|
||||
#endif /* HAVE_SETLUID */
|
||||
! if (setuid((uid_t)pwd->pw_uid) < 0) {
|
||||
! perror("setuid");
|
||||
! _exit(1);
|
||||
! }
|
||||
/* if TZ is set in the parent, drag it in */
|
||||
{
|
||||
char **findtz = environ;
|
||||
Index: clients/ksu/main.c
|
||||
===================================================================
|
||||
*** clients/ksu/main.c (revision 18419)
|
||||
--- clients/ksu/main.c (working copy)
|
||||
***************
|
||||
*** 892,900 ****
|
||||
const char * cc_name;
|
||||
struct stat st_temp;
|
||||
|
||||
! krb5_seteuid(0);
|
||||
! krb5_seteuid(target_uid);
|
||||
!
|
||||
cc_name = krb5_cc_get_name(context, cc);
|
||||
if ( ! stat(cc_name, &st_temp)){
|
||||
if ((retval = krb5_cc_destroy(context, cc))){
|
||||
--- 892,903 ----
|
||||
const char * cc_name;
|
||||
struct stat st_temp;
|
||||
|
||||
! if (krb5_seteuid(0) < 0 || krb5_seteuid(target_uid) < 0) {
|
||||
! com_err(prog_name, errno,
|
||||
! "while returning to source uid for destroying ccache");
|
||||
! exit(1);
|
||||
! }
|
||||
!
|
||||
cc_name = krb5_cc_get_name(context, cc);
|
||||
if ( ! stat(cc_name, &st_temp)){
|
||||
if ((retval = krb5_cc_destroy(context, cc))){
|
||||
Index: lib/krb4/kuserok.c
|
||||
===================================================================
|
||||
*** lib/krb4/kuserok.c (revision 18419)
|
||||
--- lib/krb4/kuserok.c (working copy)
|
||||
***************
|
||||
*** 159,167 ****
|
||||
*/
|
||||
if(getuid() == 0) {
|
||||
uid_t old_euid = geteuid();
|
||||
! seteuid(pwd->pw_uid);
|
||||
fp = fopen(pbuf, "r");
|
||||
! seteuid(old_euid);
|
||||
if ((fp) == NULL) {
|
||||
return(NOTOK);
|
||||
}
|
||||
--- 159,169 ----
|
||||
*/
|
||||
if(getuid() == 0) {
|
||||
uid_t old_euid = geteuid();
|
||||
! if (seteuid(pwd->pw_uid) < 0)
|
||||
! return NOTOK;
|
||||
fp = fopen(pbuf, "r");
|
||||
! if (seteuid(old_euid) < 0)
|
||||
! return NOTOK;
|
||||
if ((fp) == NULL) {
|
||||
return(NOTOK);
|
||||
}
|
||||
@ -10,7 +10,7 @@
|
||||
Summary: The Kerberos network authentication system.
|
||||
Name: krb5
|
||||
Version: 1.5
|
||||
Release: 4
|
||||
Release: 5
|
||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
|
||||
Source0: krb5-%{version}.tar.gz
|
||||
@ -66,6 +66,7 @@ Patch40: krb5-1.4.1-telnet-environ.patch
|
||||
Patch41: krb5-1.2.7-login-lpass.patch
|
||||
Patch44: krb5-1.4.3-enospc.patch
|
||||
Patch45: krb5-1.5-gssinit.patch
|
||||
Patch46: http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt
|
||||
|
||||
License: MIT, freely distributable.
|
||||
URL: http://web.mit.edu/kerberos/www/
|
||||
@ -131,6 +132,9 @@ network uses Kerberos, this package should be installed on every
|
||||
workstation.
|
||||
|
||||
%changelog
|
||||
* Tue Aug 8 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-5
|
||||
- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)
|
||||
|
||||
* Mon Aug 7 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-4
|
||||
- ensure that the gssapi library's been initialized before walking the
|
||||
internal mechanism list in gss_release_oid(), needed if called from
|
||||
@ -937,6 +941,9 @@ workstation.
|
||||
%patch41 -p1 -b .login-lpass
|
||||
%patch44 -p1 -b .enospc
|
||||
%patch45 -p1 -b .gssinit
|
||||
pushd src
|
||||
%patch46 -p0 -b .2006-001
|
||||
popd
|
||||
cp src/krb524/README README.krb524
|
||||
gzip doc/*.ps
|
||||
cd src
|
||||
|
||||
Loading…
Reference in New Issue
Block a user