rpms/pmix
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS pmix-2.2.5-3.el8

Browse Source
This commit is contained in:
eabdullin 2024-03-27 20:16:53 +00:00
parent 31f945e4a9
commit 6a5cf3a9f2
2 changed files with 132 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
SOURCES/0001-Do-not-follow-links-when-doing-chown.patch Normal file
View File

@ -0,0 +1,119 @@
From 085f1d8ec56b3fe81ef3a0994d156ddf83342f49 Mon Sep 17 00:00:00 2001
From: Ralph Castain <rhc@pmix.org>
Date: Thu, 7 Sep 2023 07:59:57 -0600
Subject: [PATCH] Do not follow links when doing "chown"
There is a potential issue with allowing a "chown" operation
to follow user-created links, so let's limit any use of that
function to "lchown" - which directs the "chown" operation to
NOT follow a link.
Signed-off-by: Ralph Castain <rhc@pmix.org>
(cherry picked from commit ae62cdf67b19e80fd821420816f09bf0a56a8166)
(cherry picked from commit da036933c2795c1f40d0835e15f17e204e4daf0f)
Signed-off-by: Kamal Heib <kheib@redhat.com>
---
src/mca/common/dstore/dstore_base.c | 4 ++--
src/mca/common/dstore/dstore_segment.c | 4 ++--
src/mca/gds/ds12/gds_ds12_lock_fcntl.c | 2 +-
src/mca/gds/ds12/gds_ds12_lock_pthread.c | 2 +-
src/mca/ptl/usock/ptl_usock_component.c | 6 +++---
5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/mca/common/dstore/dstore_base.c b/src/mca/common/dstore/dstore_base.c
index 5568c9434778..68eeabdbc4d7 100644
--- a/src/mca/common/dstore/dstore_base.c
+++ b/src/mca/common/dstore/dstore_base.c
@@ -525,7 +525,7 @@ static int _esh_session_init(pmix_common_dstore_ctx_t *ds_ctx, size_t idx, ns_ma
}
}
if (s->setjobuid > 0){
- if (0 > chown(s->nspace_path, (uid_t) s->jobuid, (gid_t) -1)){
+ if (0 > lchown(s->nspace_path, (uid_t) s->jobuid, (gid_t) -1)){
rc = PMIX_ERROR;
PMIX_ERROR_LOG(rc);
return rc;
@@ -1661,7 +1661,7 @@ pmix_common_dstore_ctx_t *pmix_common_dstor_init(const char *ds_name, pmix_info_
}
}
if (ds_ctx->setjobuid > 0) {
- if (chown(ds_ctx->base_path, (uid_t) ds_ctx->jobuid, (gid_t) -1) < 0){
+ if (lchown(ds_ctx->base_path, (uid_t) ds_ctx->jobuid, (gid_t) -1) < 0){
rc = PMIX_ERR_NO_PERMISSIONS;
PMIX_ERROR_LOG(rc);
goto err_exit;
diff --git a/src/mca/common/dstore/dstore_segment.c b/src/mca/common/dstore/dstore_segment.c
index a219bed9c0bf..4a7c55ea9c8f 100644
--- a/src/mca/common/dstore/dstore_segment.c
+++ b/src/mca/common/dstore/dstore_segment.c
@@ -109,7 +109,7 @@ PMIX_EXPORT pmix_dstore_seg_desc_t *pmix_common_dstor_create_new_lock_seg(const
if (setuid > 0){
rc = PMIX_ERR_PERM;
- if (0 > chown(file_name, (uid_t) uid, (gid_t) -1)){
+ if (0 > lchown(file_name, (uid_t) uid, (gid_t) -1)){
PMIX_ERROR_LOG(rc);
goto err_exit;
}
@@ -200,7 +200,7 @@ PMIX_EXPORT pmix_dstore_seg_desc_t *pmix_common_dstor_create_new_segment(pmix_ds
if (setuid > 0){
rc = PMIX_ERR_PERM;
- if (0 > chown(file_name, (uid_t) uid, (gid_t) -1)){
+ if (0 > lchown(file_name, (uid_t) uid, (gid_t) -1)){
PMIX_ERROR_LOG(rc);
goto err_exit;
}
diff --git a/src/mca/gds/ds12/gds_ds12_lock_fcntl.c b/src/mca/gds/ds12/gds_ds12_lock_fcntl.c
index 759bf4093747..515b3298136f 100644
--- a/src/mca/gds/ds12/gds_ds12_lock_fcntl.c
+++ b/src/mca/gds/ds12/gds_ds12_lock_fcntl.c
@@ -127,7 +127,7 @@ pmix_status_t pmix_gds_ds12_lock_init(pmix_common_dstor_lock_ctx_t *ctx, const c
}
}
if (0 != setuid) {
- if (0 > chown(lock_ctx->lockfile, uid, (gid_t) -1)) {
+ if (0 > lchown(lock_ctx->lockfile, uid, (gid_t) -1)) {
rc = PMIX_ERROR;
PMIX_ERROR_LOG(rc);
goto error;
diff --git a/src/mca/gds/ds12/gds_ds12_lock_pthread.c b/src/mca/gds/ds12/gds_ds12_lock_pthread.c
index 1c9e9b79bb3e..fe7e64be4194 100644
--- a/src/mca/gds/ds12/gds_ds12_lock_pthread.c
+++ b/src/mca/gds/ds12/gds_ds12_lock_pthread.c
@@ -113,7 +113,7 @@ pmix_status_t pmix_gds_ds12_lock_init(pmix_common_dstor_lock_ctx_t *ctx, const c
}
memset(lock_ctx->segment->seg_base_addr, 0, size);
if (0 != setuid) {
- if (0 > chown(lock_ctx->lockfile, (uid_t) uid, (gid_t) -1)){
+ if (0 > lchown(lock_ctx->lockfile, (uid_t) uid, (gid_t) -1)){
rc = PMIX_ERROR;
PMIX_ERROR_LOG(rc);
goto error;
diff --git a/src/mca/ptl/usock/ptl_usock_component.c b/src/mca/ptl/usock/ptl_usock_component.c
index f65d49ffde79..a6c1fdb496b3 100644
--- a/src/mca/ptl/usock/ptl_usock_component.c
+++ b/src/mca/ptl/usock/ptl_usock_component.c
@@ -276,16 +276,16 @@ static pmix_status_t setup_listener(pmix_info_t info[], size_t ninfo,
CLOSE_THE_SOCKET(lt->socket);
goto sockerror;
}
- /* chown as required */
+ /* lchown as required */
if (lt->owner_given) {
- if (0 != chown(address->sun_path, lt->owner, -1)) {
+ if (0 != lchown(address->sun_path, lt->owner, -1)) {
pmix_output(0, "CANNOT CHOWN socket %s: %s", address->sun_path, strerror (errno));
CLOSE_THE_SOCKET(lt->socket);
goto sockerror;
}
}
if (lt->group_given) {
- if (0 != chown(address->sun_path, -1, lt->group)) {
+ if (0 != lchown(address->sun_path, -1, lt->group)) {
pmix_output(0, "CANNOT CHOWN socket %s: %s", address->sun_path, strerror (errno));
CLOSE_THE_SOCKET(lt->socket);
goto sockerror;
--
2.41.0

14
SPECS/pmix.spec
View File

@ -1,11 +1,13 @@
Name: pmix
Version: 2.2.5
Release: 1%{?dist}
Release: 3%{?dist}
Summary: Process Management Interface Exascale (PMIx)
License: BSD
URL: https://pmix.org/
Source0: https://github.com/pmix/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
Patch1: 0001-Do-not-follow-links-when-doing-chown.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: environment(modules)
@ -50,6 +52,8 @@ developing applications that use %{name}.
%prep
%setup -q -n %{name}-%{version}
%patch1 -p1
echo touching lexer sources to recompile them ...
find src -name \*.l -print -exec touch --no-create {} \;
@ -173,6 +177,14 @@ EOF
%{_libdir}/pkgconfig/*.pc
%changelog
* Tue Nov 14 2023 Kamal Heib <kheib@redhat.com> - 2.2.5-3
- Add gating test
- Resolves: RHEL-3692
* Thu Nov 02 2023 Kamal Heib <kheib@redhat.com> - 2.2.5-2
- Fix CVE-2023-41915
- Resolves: RHEL-3692
* Mon Oct 11 2021 Honggang Li <honli@redhat.com> - 2.2.5-1
- Update to 2.2.5
- Related: rhbz#2008513