[Buildroot] [PATCH 1/1] package/libcgroup: fix CVE-2018-14348

Yann E. MORIN yann.morin.1998 at free.fr
Sun Mar 1 07:42:50 UTC 2020


Fabrice, All,

On 2020-02-29 23:30 +0100, Fabrice Fontaine spake thusly:
> libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
> regardless of the configured umask, leading to disclosure of information
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  .../0001-cgrulesengd-remove-umask-0.patch     | 33 +++++++++++++++++++
>  package/libcgroup/libcgroup.mk                |  3 ++
>  2 files changed, 36 insertions(+)
>  create mode 100644 package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> 
> diff --git a/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> new file mode 100644
> index 0000000000..1d9077a2d6
> --- /dev/null
> +++ b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> @@ -0,0 +1,33 @@
> +From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001
> +From: Michal Hocko <mhocko at suse.com>
> +Date: Wed, 18 Jul 2018 11:24:29 +0200
> +Subject: [PATCH] cgrulesengd: remove umask(0)
> +
> +One of our partners has noticed that cgred daemon is creating a log file
> +(/var/log/cgred) with too wide permissions (0666) and that is seen as
> +a security bug because an untrusted user can write to otherwise
> +restricted area. CVE-2018-14348 has been assigned to this issue.
> +
> +Signed-off-by: Michal Hocko <mhocko at suse.com>
> +Acked-by: Balbir Singh <bsingharora at gmail.com>
> +[Retrieved from:
> +https://github.com/libcgroup/libcgroup/commit/0d88b73d189ea3440ccaab00418d6469f76fa590]
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> +---
> + src/daemon/cgrulesengd.c | 3 ---
> + 1 file changed, 3 deletions(-)
> +
> +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
> +index ea51f11..0d288f3 100644
> +--- a/src/daemon/cgrulesengd.c
> ++++ b/src/daemon/cgrulesengd.c
> +@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
> + 		} else if (pid > 0) {
> + 			exit(EXIT_SUCCESS);
> + 		}
> +-
> +-		/* Change the file mode mask. */
> +-		umask(0);
> + 	} else {
> + 		flog(LOG_DEBUG, "Not using daemon mode\n");
> + 		pid = getpid();
> diff --git a/package/libcgroup/libcgroup.mk b/package/libcgroup/libcgroup.mk
> index 3845627d48..a26d5f2ddf 100644
> --- a/package/libcgroup/libcgroup.mk
> +++ b/package/libcgroup/libcgroup.mk
> @@ -12,6 +12,9 @@ LIBCGROUP_LICENSE_FILES = COPYING
>  LIBCGROUP_DEPENDENCIES = host-bison host-flex
>  LIBCGROUP_INSTALL_STAGING = YES
>  
> +# 0001-cgrulesengd-remove-umask-0.patch
> +LIBCGROUP_IGNORE_CVES += CVE-2018-14348
> +
>  # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
>  # large file support. See https://bugzilla.redhat.com/show_bug.cgi?id=574992
>  # for more information.
> -- 
> 2.25.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'


More information about the buildroot mailing list