diff options
author | Parabola <dev@list.parabolagnulinux.org> | 2011-11-15 14:34:01 +0000 |
---|---|---|
committer | Parabola <dev@list.parabolagnulinux.org> | 2011-11-15 14:34:01 +0000 |
commit | 28b13b7e8e6e1e4fa1593f0dfb1c37569f2f90a8 (patch) | |
tree | b5961b2312f5afe599dba0d1b9a3b6f6e3d04091 /testing/xorg-server/git-fixes.patch | |
parent | 3d151dfc8e08b65c2c1d4b5e8081562d56ee7d41 (diff) |
Tue Nov 15 14:33:58 UTC 2011
Diffstat (limited to 'testing/xorg-server/git-fixes.patch')
-rw-r--r-- | testing/xorg-server/git-fixes.patch | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/testing/xorg-server/git-fixes.patch b/testing/xorg-server/git-fixes.patch deleted file mode 100644 index a62524bdb..000000000 --- a/testing/xorg-server/git-fixes.patch +++ /dev/null @@ -1,56 +0,0 @@ -From f80d23357874db19bc124dee70239fb182977883 Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu.herrb@laas.fr> -Date: Mon, 17 Oct 2011 20:26:12 +0000 -Subject: Fix CVE-2011-4028: File disclosure vulnerability. - -use O_NOFOLLOW to open the existing lock file, so symbolic links -aren't followed, thus avoid revealing if it point to an existing -file. - -Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -(cherry picked from commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34) ---- -diff --git a/os/utils.c b/os/utils.c -index 36cb46f..9e0acb6 100644 ---- a/os/utils.c -+++ b/os/utils.c -@@ -316,7 +316,7 @@ LockServer(void) - /* - * Read the pid from the existing file - */ -- lfd = open(LockFile, O_RDONLY); -+ lfd = open(LockFile, O_RDONLY|O_NOFOLLOW); - if (lfd < 0) { - unlink(tmp); - FatalError("Can't read lock file %s\n", LockFile); --- -cgit v0.9.0.2-2-gbebe -From 12f65819ffb04103f170ecd7e281348de618fc4c Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu.herrb@laas.fr> -Date: Mon, 17 Oct 2011 20:27:35 +0000 -Subject: Fix CVE-2011-4029: File permission change vulnerability. - -Use fchmod() to change permissions of the lock file instead -of chmod(), thus avoid the race that can be exploited to set -a symbolic link to any file or directory in the system. - -Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> -Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -(cherry picked from commit b67581cf825940fdf52bf2e0af4330e695d724a4) ---- -diff --git a/os/utils.c b/os/utils.c -index 9e0acb6..d9aa65e 100644 ---- a/os/utils.c -+++ b/os/utils.c -@@ -295,7 +295,7 @@ LockServer(void) - FatalError("Could not create lock file in %s\n", tmp); - (void) sprintf(pid_str, "%10ld\n", (long)getpid()); - (void) write(lfd, pid_str, 11); -- (void) chmod(tmp, 0444); -+ (void) fchmod(lfd, 0444); - (void) close(lfd); - - /* --- -cgit v0.9.0.2-2-gbebe |