[Buildroot] [PATCH 1/1] package/libcgroup: fix CVE-2018-14348
Yann E. MORIN
yann.morin.1998 at free.fr
Sun Mar 1 07:42:50 UTC 2020
Fabrice, All,
On 2020-02-29 23:30 +0100, Fabrice Fontaine spake thusly:
> libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
> regardless of the configured umask, leading to disclosure of information
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> .../0001-cgrulesengd-remove-umask-0.patch | 33 +++++++++++++++++++
> package/libcgroup/libcgroup.mk | 3 ++
> 2 files changed, 36 insertions(+)
> create mode 100644 package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
>
> diff --git a/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> new file mode 100644
> index 0000000000..1d9077a2d6
> --- /dev/null
> +++ b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> @@ -0,0 +1,33 @@
> +From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001
> +From: Michal Hocko <mhocko at suse.com>
> +Date: Wed, 18 Jul 2018 11:24:29 +0200
> +Subject: [PATCH] cgrulesengd: remove umask(0)
> +
> +One of our partners has noticed that cgred daemon is creating a log file
> +(/var/log/cgred) with too wide permissions (0666) and that is seen as
> +a security bug because an untrusted user can write to otherwise
> +restricted area. CVE-2018-14348 has been assigned to this issue.
> +
> +Signed-off-by: Michal Hocko <mhocko at suse.com>
> +Acked-by: Balbir Singh <bsingharora at gmail.com>
> +[Retrieved from:
> +https://github.com/libcgroup/libcgroup/commit/0d88b73d189ea3440ccaab00418d6469f76fa590]
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> +---
> + src/daemon/cgrulesengd.c | 3 ---
> + 1 file changed, 3 deletions(-)
> +
> +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
> +index ea51f11..0d288f3 100644
> +--- a/src/daemon/cgrulesengd.c
> ++++ b/src/daemon/cgrulesengd.c
> +@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
> + } else if (pid > 0) {
> + exit(EXIT_SUCCESS);
> + }
> +-
> +- /* Change the file mode mask. */
> +- umask(0);
> + } else {
> + flog(LOG_DEBUG, "Not using daemon mode\n");
> + pid = getpid();
> diff --git a/package/libcgroup/libcgroup.mk b/package/libcgroup/libcgroup.mk
> index 3845627d48..a26d5f2ddf 100644
> --- a/package/libcgroup/libcgroup.mk
> +++ b/package/libcgroup/libcgroup.mk
> @@ -12,6 +12,9 @@ LIBCGROUP_LICENSE_FILES = COPYING
> LIBCGROUP_DEPENDENCIES = host-bison host-flex
> LIBCGROUP_INSTALL_STAGING = YES
>
> +# 0001-cgrulesengd-remove-umask-0.patch
> +LIBCGROUP_IGNORE_CVES += CVE-2018-14348
> +
> # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
> # large file support. See https://bugzilla.redhat.com/show_bug.cgi?id=574992
> # for more information.
> --
> 2.25.0
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list