fix cve-2007-3852 - sysstat insecure temporary file usage
This commit is contained in:
Ivana Varekova
parent
e48876ae34
commit
280ceea607
37
sysstat-7.0.4-cve_2007_3852.patch
Normal file
37
sysstat-7.0.4-cve_2007_3852.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
--- sysstat-7.0.4/sysstat.in.cve3852 2007-08-15 15:15:04.000000000 +0200
|
||||||
|
+++ sysstat-7.0.4/sysstat.in 2007-08-15 15:17:31.000000000 +0200
|
||||||
|
@@ -20,13 +20,11 @@
|
||||||
|
|
||||||
|
RETVAL=0
|
||||||
|
HISTORY=0
|
||||||
|
-TMPDIR=/var/run/
|
||||||
|
-# Remove flag indicating that sadc was successfully launched
|
||||||
|
-rm -f ${TMPDIR}sysstat.run
|
||||||
|
|
||||||
|
# See how we were called.
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
+ exitCodeIndicator="$(mktemp /tmp/sysstat-XXXXXX)" || exit 1
|
||||||
|
[ -r /etc/sysconfig/sysstat ] && . /etc/sysconfig/sysstat
|
||||||
|
if [ ${HISTORY} -gt 28 ]
|
||||||
|
then
|
||||||
|
@@ -43,15 +41,15 @@ case "$1" in
|
||||||
|
CHOWN ${CURRENTDIR} ${CURRENTFILE} ${CURRENTDIR}/${CURRENTFILE}
|
||||||
|
fi
|
||||||
|
echo -n "Calling the system activity data collector (sadc): "
|
||||||
|
- SU SA_LIB_DIR/sadc -F -L - && touch ${TMPDIR}sysstat.run QUOTE
|
||||||
|
+ SU SA_LIB_DIR/sadc -F -L - || rm -f ${exitCodeIndicator} QUOTE
|
||||||
|
|
||||||
|
# Try to guess if sadc was successfully launched. The difficulty
|
||||||
|
# here is that the exit code is lost when the above command is
|
||||||
|
# run via "su foo -c ..."
|
||||||
|
- if [ ! -f ${TMPDIR}sysstat.run ]; then
|
||||||
|
- RETVAL=1
|
||||||
|
+ if [ -f "${exitCodeIndicator}" ]; then
|
||||||
|
+ rm -f ${exitCodeIndicator}
|
||||||
|
else
|
||||||
|
- rm -f ${TMPDIR}sysstat.run
|
||||||
|
+ RETVAL=1
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
;;
|
||||||
@ -1,6 +1,6 @@
|
|||||||
Name: sysstat
|
Name: sysstat
|
||||||
Version: 7.0.4
|
Version: 7.0.4
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: The sar and iostat system monitoring commands
|
Summary: The sar and iostat system monitoring commands
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
@ -15,6 +15,7 @@ Patch6: sysstat-5.0.5-append-msg.patch
|
|||||||
Patch9: sysstat-7.0.4-tmp.patch
|
Patch9: sysstat-7.0.4-tmp.patch
|
||||||
Patch10: sysstat-7.0.3-debuginfo.patch
|
Patch10: sysstat-7.0.3-debuginfo.patch
|
||||||
Patch11: sysstat-7.0.4-links.patch
|
Patch11: sysstat-7.0.4-links.patch
|
||||||
|
Patch12: sysstat-7.0.4-cve_2007_3852.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
|
|
||||||
@ -36,6 +37,7 @@ activity.
|
|||||||
%patch9 -p1 -b .tmp
|
%patch9 -p1 -b .tmp
|
||||||
%patch10 -p1 -b .db
|
%patch10 -p1 -b .db
|
||||||
%patch11 -p1 -b .link
|
%patch11 -p1 -b .link
|
||||||
|
%patch12 -p1 -b .cve3852
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# FIXME: I need to fix the upstream Makefile to use LIBDIR et al. properly and
|
# FIXME: I need to fix the upstream Makefile to use LIBDIR et al. properly and
|
||||||
@ -114,6 +116,10 @@ rm -rf %{buildroot}
|
|||||||
/var/log/sa
|
/var/log/sa
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 15 2007 Ivana Varekova <varekova@redhat.com> - 7.0.4-3
|
||||||
|
- fix cve-2007-3852 -
|
||||||
|
sysstat insecure temporary file usage
|
||||||
|
|
||||||
* Fri Mar 23 2007 Ivana Varekova <varekova@redhat.com> - 7.0.4-2
|
* Fri Mar 23 2007 Ivana Varekova <varekova@redhat.com> - 7.0.4-2
|
||||||
- fix sa2 problem (sa2 works wrong when the /var/log/sa file is
|
- fix sa2 problem (sa2 works wrong when the /var/log/sa file is
|
||||||
a link to another directory)
|
a link to another directory)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user