* Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-3
- Security fixes for seunshare - Fix Sandbox to handle non-file input to command.
This commit is contained in:
parent
b98d816316
commit
425e7d2796
@ -1222,8 +1222,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+relabel:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.74/sandbox/sandbox
|
||||
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-17 15:05:17.000000000 -0400
|
||||
@@ -0,0 +1,202 @@
|
||||
+++ policycoreutils-2.0.74/sandbox/sandbox 2009-09-18 21:38:37.000000000 -0400
|
||||
@@ -0,0 +1,207 @@
|
||||
+#!/usr/bin/python -E
|
||||
+import os, sys, getopt, socket, random, fcntl, shutil
|
||||
+import selinux
|
||||
@ -1390,7 +1390,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+ warnings.resetwarnings()
|
||||
+ paths = []
|
||||
+ for i in cmds:
|
||||
+ paths.append(os.path.realpath(i))
|
||||
+ f = os.path.realpath(i)
|
||||
+ if os.path.exists(f):
|
||||
+ paths.append(f)
|
||||
+ else:
|
||||
+ paths.append(i)
|
||||
+
|
||||
+ copyfiles(newhomedir, newtmpdir, init_files + paths)
|
||||
+ execfile = newhomedir + "/.sandboxrc"
|
||||
+ fd = open(execfile, "w+")
|
||||
@ -1478,8 +1483,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+done
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.74/sandbox/seunshare.c
|
||||
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-17 15:05:44.000000000 -0400
|
||||
@@ -0,0 +1,284 @@
|
||||
+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-09-18 09:58:46.000000000 -0400
|
||||
@@ -0,0 +1,265 @@
|
||||
+#include <signal.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/wait.h>
|
||||
@ -1506,33 +1511,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+#include <unistd.h>
|
||||
+
|
||||
+/**
|
||||
+ * This function will drop the capabilities so that we are left
|
||||
+ * only with access to the audit system and the ability to raise
|
||||
+ * CAP_SYS_ADMIN before invoking unshare and mounting a couple of directories.
|
||||
+ * These capabilities are needed for performing bind mounts/unmounts
|
||||
+ * and to create potential new instance directories with appropriate
|
||||
+ * DAC attributes.
|
||||
+ *
|
||||
+ * This function will drop all capabilities
|
||||
+ * Returns zero on success, non-zero otherwise
|
||||
+ */
|
||||
+static int drop_capabilities(int all, uid_t uid)
|
||||
+static int drop_capabilities(uid_t uid)
|
||||
+{
|
||||
+ capng_clear(CAPNG_SELECT_BOTH);
|
||||
+
|
||||
+ if (all) {
|
||||
+ if (capng_lock() < 0)
|
||||
+ return -1;
|
||||
+ /* Change uid */
|
||||
+ if (setresuid(uid, uid, uid)) {
|
||||
+ fprintf(stderr, "Error changing uid, aborting.\n");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SETPCAP, CAP_SETUID, -1) < 0) {
|
||||
+ fprintf(stderr, "Error running capng_updatev\n");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+ if (capng_lock() < 0)
|
||||
+ return -1;
|
||||
+ /* Change uid */
|
||||
+ if (setresuid(uid, uid, uid)) {
|
||||
+ fprintf(stderr, "Error changing uid, aborting.\n");
|
||||
+ return -1;
|
||||
+
|
||||
+ return capng_apply(CAPNG_SELECT_BOTH);
|
||||
+}
|
||||
@ -1626,7 +1617,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+ {"tmpdir", 1, 0, 't'},
|
||||
+ {NULL, 0, 0, 0}
|
||||
+ };
|
||||
+ capng_print_caps_text(CAPNG_PRINT_STDOUT, CAPNG_EFFECTIVE);
|
||||
+
|
||||
+ uid_t uid = getuid();
|
||||
+
|
||||
@ -1643,10 +1633,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+
|
||||
+ if (verify_shell(pwd->pw_shell) == 0) {
|
||||
+ fprintf(stderr, "Error! Shell is not valid.\n");
|
||||
+ }
|
||||
+
|
||||
+ if (drop_capabilities(FALSE, uid)) {
|
||||
+ perror("Failed to drop capabilities");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
@ -1710,7 +1696,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
||||
+ if (tmpdir_s && verify_mount("/tmp", pwd) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ if (drop_capabilities(TRUE, uid)) {
|
||||
+ if (drop_capabilities(uid)) {
|
||||
+ perror("Failed to drop all capabilities");
|
||||
+ return -1;
|
||||
+ }
|
||||
|
@ -6,7 +6,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.74
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -297,6 +297,10 @@ fi
|
||||
exit 0
|
||||
|
||||
%changelog
|
||||
* Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-3
|
||||
- Security fixes for seunshare
|
||||
- Fix Sandbox to handle non file input to command.
|
||||
|
||||
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-2
|
||||
- Security fixes for seunshare
|
||||
|
||||
|