From 425e7d2796972f2d6822d94798187f744911888e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 19 Sep 2009 01:40:53 +0000 Subject: [PATCH] * Fri Sep 18 2009 Dan Walsh 2.0.74-3 - Security fixes for seunshare - Fix Sandbox to handle non file input to command. --- policycoreutils-rhat.patch | 52 ++++++++++++++------------------------ policycoreutils.spec | 6 ++++- 2 files changed, 24 insertions(+), 34 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index fcca135..056d9ea 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1222,8 +1222,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po +relabel: diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.74/sandbox/sandbox --- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-17 15:05:17.000000000 -0400 -@@ -0,0 +1,202 @@ ++++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-18 21:38:37.000000000 -0400 +@@ -0,0 +1,207 @@ +#!/usr/bin/python -E +import os, sys, getopt, socket, random, fcntl, shutil +import selinux @@ -1390,7 +1390,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + warnings.resetwarnings() + paths = [] + for i in cmds: -+ paths.append(os.path.realpath(i)) ++ f = os.path.realpath(i) ++ if os.path.exists(f): ++ paths.append(f) ++ else: ++ paths.append(i) ++ + copyfiles(newhomedir, newtmpdir, init_files + paths) + execfile = newhomedir + "/.sandboxrc" + fd = open(execfile, "w+") @@ -1478,8 +1483,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po +done diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.74/sandbox/seunshare.c --- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-17 15:05:44.000000000 -0400 -@@ -0,0 +1,284 @@ ++++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-18 09:58:46.000000000 -0400 +@@ -0,0 +1,265 @@ +#include +#include +#include @@ -1506,33 +1511,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po +#include + +/** -+ * This function will drop the capabilities so that we are left -+ * only with access to the audit system and the ability to raise -+ * CAP_SYS_ADMIN before invoking unshare and mounting a couple of directories. -+ * These capabilities are needed for performing bind mounts/unmounts -+ * and to create potential new instance directories with appropriate -+ * DAC attributes. -+ * ++ * This function will drop all capabilities + * Returns zero on success, non-zero otherwise + */ -+static int drop_capabilities(int all, uid_t uid) ++static int drop_capabilities(uid_t uid) +{ + capng_clear(CAPNG_SELECT_BOTH); + -+ if (all) { -+ if (capng_lock() < 0) -+ return -1; -+ /* Change uid */ -+ if (setresuid(uid, uid, uid)) { -+ fprintf(stderr, "Error changing uid, aborting.\n"); -+ return -1; -+ } -+ } else { -+ if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SETPCAP, CAP_SETUID, -1) < 0) { -+ fprintf(stderr, "Error running capng_updatev\n"); -+ return -1; -+ } -+ } ++ if (capng_lock() < 0) ++ return -1; ++ /* Change uid */ ++ if (setresuid(uid, uid, uid)) { ++ fprintf(stderr, "Error changing uid, aborting.\n"); ++ return -1; + + return capng_apply(CAPNG_SELECT_BOTH); +} @@ -1626,7 +1617,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + {"tmpdir", 1, 0, 't'}, + {NULL, 0, 0, 0} + }; -+ capng_print_caps_text(CAPNG_PRINT_STDOUT, CAPNG_EFFECTIVE); + + uid_t uid = getuid(); + @@ -1643,10 +1633,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + + if (verify_shell(pwd->pw_shell) == 0) { + fprintf(stderr, "Error! Shell is not valid.\n"); -+ } -+ -+ if (drop_capabilities(FALSE, uid)) { -+ perror("Failed to drop capabilities"); + return -1; + } + @@ -1710,7 +1696,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + if (tmpdir_s && verify_mount("/tmp", pwd) < 0) + return -1; + -+ if (drop_capabilities(TRUE, uid)) { ++ if (drop_capabilities(uid)) { + perror("Failed to drop all capabilities"); + return -1; + } diff --git a/policycoreutils.spec b/policycoreutils.spec index 811672a..659a822 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.74 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -297,6 +297,10 @@ fi exit 0 %changelog +* Fri Sep 18 2009 Dan Walsh 2.0.74-3 +- Security fixes for seunshare +- Fix Sandbox to handle non file input to command. + * Thu Sep 17 2009 Dan Walsh 2.0.74-2 - Security fixes for seunshare