author | Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | 2018-08-27 22:43:20 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-27 12:17:45 +0100 |
commit | 79083fcd0ddd9bf69b5068da9c503ae28a809aae (patch) | |
tree | e6c8bd11e20028ce9ce64d1aba6e2df219a77d96 | |
parent | 64367bbb6b553892767754a1a4f24440d4bf5325 (diff) | |
download | poky-79083fcd0ddd9bf69b5068da9c503ae28a809aae.tar.gz |
libcgroup: CVE-2018-14348
Affects libcgroup <= 0.41
(From OE-Core rev: 37101fa37107c498393492ccdbc8652f685b6cce)
(From OE-Core rev: e3254b4ec0f7c22cca1952df22df6568b8d8b81c)
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch | 37 | ||||
-rw-r--r-- | meta/recipes-core/libcgroup/libcgroup_0.41.bb | 3 |
2 files changed, 39 insertions, 1 deletions
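--- /dev/null
+++ b/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch
@@ -0,0 +1,37 @@
+From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001
+From: Michal Hocko <mhocko@suse.com>
+Date: Wed, 18 Jul 2018 11:24:29 +0200
+Subject: [PATCH] cgrulesengd: remove umask(0)
+
+One of our partners has noticed that cgred daemon is creating a log file
+(/var/log/cgred) with too wide permissions (0666) and that is seen as
+a security bug because an untrusted user can write to otherwise
+restricted area. CVE-2018-14348 has been assigned to this issue.
+
+CVE: CVE-2018-14348
+Upstream-Status: Backport [https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590]
+
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Acked-by: Balbir Singh <bsingharora@gmail.com>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+src/daemon/cgrulesengd.c | 3 ---
+1 file changed, 3 deletions(-)
+
+diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
+index ea51f11..0d288f3 100644
+--- a/src/daemon/cgrulesengd.c
++++ b/src/daemon/cgrulesengd.c
+@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
+} else if (pid > 0) {
+exit(EXIT_SUCCESS);
+}
+-
+- /* Change the file mode mask. */
+- umask(0);
+} else {
+flog(LOG_DEBUG, "Not using daemon mode\n");
+pid = getpid();
+--
+2.13.3
+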
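Review bot: Removing `umask(0)` from the daemon branch of cgre_start_daemon leaves the log file's mode dependent on whatever umask the process inherits from its launcher, so an init script or service manager that starts cgrulesengd with a permissive mask would still yield a group- or world-writable /var/log/cgred. Setting an explicit restrictive mask in place of the removed call, e.g. `umask(S_IWGRP | S_IWOTH);`, would make the outcome independent of the environment; whether other files the daemon creates need a different mask cannot be judged here, since the function body starts and ends outside the hunk. The patch also does nothing for a log file that an earlier run already created with mode 0666, so the recipe or release notes should call for a one-time `chmod` (or removal) of the existing file on upgraded systems. For detection, a file-permission audit of the log path after the first boot with the patched package would confirm the fix took effect.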
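--- a/meta/recipes-core/libcgroup/libcgroup_0.41.bb
+++ b/meta/recipes-core/libcgroup/libcgroup_0.41.bb
@@ -11,7 +11,8 @@ inherit autotools pkgconfig
 
 DEPENDS = "bison-native flex-native"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2"
+SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2 \
+file://CVE-2018-14348.patch"
 SRC_URI_append_libc-musl = " file://musl-decls-compat.patch"
 
 SRC_URI[md5sum] = "3dea9d50b8a5b73ff0bf1cdcb210f63f"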