Nikola Forró
parent
636c5ecd0e
commit
82a95ea45b
33
libcgroup-0.41-CVE-2018-14348.patch
Normal file
33
libcgroup-0.41-CVE-2018-14348.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 94e9dcead2e8bce00deeef08ea364ec6dc7e1f45 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Hocko <mhocko@suse.com>
|
||||
Date: Wed, 18 Jul 2018 11:24:29 +0200
|
||||
Subject: [PATCH] cgrulesengd: remove umask(0)
|
||||
|
||||
One of our partners has noticed that cgred daemon is creating a log file
|
||||
(/var/log/cgred) with too wide permissions (0666) and that is seen as
|
||||
a security bug because an untrusted user can write to otherwise
|
||||
restricted area. CVE-2018-14348 has been assigned to this issue.
|
||||
|
||||
Signed-off-by: Michal Hocko <mhocko@suse.com>
|
||||
Acked-by: Balbir Singh <bsingharora@gmail.com>
|
||||
---
|
||||
src/daemon/cgrulesengd.c | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
|
||||
index 170837a..41aadd4 100644
|
||||
--- a/src/daemon/cgrulesengd.c
|
||||
+++ b/src/daemon/cgrulesengd.c
|
||||
@@ -885,9 +885,6 @@ int cgre_start_daemon(const char *logp, const int logf,
|
||||
} else if (pid > 0) {
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
-
|
||||
- /* Change the file mode mask. */
|
||||
- umask(0);
|
||||
} else {
|
||||
flog(LOG_DEBUG, "Not using daemon mode\n");
|
||||
pid = getpid();
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
Summary: Library to control and monitor control groups
|
||||
Name: libcgroup
|
||||
Version: 0.41
|
||||
Release: 19%{?dist}
|
||||
Release: 20%{?dist}
|
||||
License: LGPLv2+
|
||||
Group: Development/Libraries
|
||||
URL: http://libcg.sourceforge.net/
|
||||
@ -29,6 +29,7 @@ Patch11: libcgroup-0.41-prevent-buffer-overflow.patch
|
||||
Patch12: libcgroup-0.41-tasks-file-warning.patch
|
||||
Patch13: libcgroup-0.41-fix-log-level.patch
|
||||
Patch14: libcgroup-0.41-size-of-controller-values.patch
|
||||
Patch15: libcgroup-0.41-CVE-2018-14348.patch
|
||||
|
||||
BuildRequires: gcc, gcc-c++
|
||||
BuildRequires: byacc, coreutils, flex, pam-devel, systemd-units
|
||||
@ -88,6 +89,7 @@ provide scripts to manage that configuration.
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
|
||||
%build
|
||||
%configure --enable-pam-module-dir=%{_libdir}/security \
|
||||
@ -184,6 +186,10 @@ getent group cgred >/dev/null || groupadd -r cgred
|
||||
%{_libdir}/pkgconfig/libcgroup.pc
|
||||
|
||||
%changelog
|
||||
* Thu Aug 02 2018 Nikola Forró <nforro@redhat.com> - 0.41-20
|
||||
- resolves: #1611121
|
||||
fix CVE-2018-14348
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.41-19
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user