diff options
| author | Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | 2018-08-27 22:43:20 +0530 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-27 12:17:45 +0100 |
| commit | 79083fcd0ddd9bf69b5068da9c503ae28a809aae (patch) | |
| tree | e6c8bd11e20028ce9ce64d1aba6e2df219a77d96 /meta/recipes-core | |
| parent | 64367bbb6b553892767754a1a4f24440d4bf5325 (diff) | |
| download | poky-79083fcd0ddd9bf69b5068da9c503ae28a809aae.tar.gz | |
libcgroup: CVE-2018-14348
Affects libcgroup <= 0.41
(From OE-Core rev: 37101fa37107c498393492ccdbc8652f685b6cce)
(From OE-Core rev: e3254b4ec0f7c22cca1952df22df6568b8d8b81c)
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch | 37 | ||||
| -rw-r--r-- | meta/recipes-core/libcgroup/libcgroup_0.41.bb | 3 |
2 files changed, 39 insertions, 1 deletions
diff --git a/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch b/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch new file mode 100644 index 0000000000..d133703dec --- /dev/null +++ b/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch | |||
| @@ -0,0 +1,37 @@ | |||
| 1 | From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michal Hocko <mhocko@suse.com> | ||
| 3 | Date: Wed, 18 Jul 2018 11:24:29 +0200 | ||
| 4 | Subject: [PATCH] cgrulesengd: remove umask(0) | ||
| 5 | |||
| 6 | One of our partners has noticed that cgred daemon is creating a log file | ||
| 7 | (/var/log/cgred) with too wide permissions (0666) and that is seen as | ||
| 8 | a security bug because an untrusted user can write to otherwise | ||
| 9 | restricted area. CVE-2018-14348 has been assigned to this issue. | ||
| 10 | |||
| 11 | CVE: CVE-2018-14348 | ||
| 12 | Upstream-Status: Backport [https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590] | ||
| 13 | |||
| 14 | Signed-off-by: Michal Hocko <mhocko@suse.com> | ||
| 15 | Acked-by: Balbir Singh <bsingharora@gmail.com> | ||
| 16 | Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | ||
| 17 | --- | ||
| 18 | src/daemon/cgrulesengd.c | 3 --- | ||
| 19 | 1 file changed, 3 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c | ||
| 22 | index ea51f11..0d288f3 100644 | ||
| 23 | --- a/src/daemon/cgrulesengd.c | ||
| 24 | +++ b/src/daemon/cgrulesengd.c | ||
| 25 | @@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf, | ||
| 26 | } else if (pid > 0) { | ||
| 27 | exit(EXIT_SUCCESS); | ||
| 28 | } | ||
| 29 | - | ||
| 30 | - /* Change the file mode mask. */ | ||
| 31 | - umask(0); | ||
| 32 | } else { | ||
| 33 | flog(LOG_DEBUG, "Not using daemon mode\n"); | ||
| 34 | pid = getpid(); | ||
| 35 | -- | ||
| 36 | 2.13.3 | ||
| 37 | |||
diff --git a/meta/recipes-core/libcgroup/libcgroup_0.41.bb b/meta/recipes-core/libcgroup/libcgroup_0.41.bb index 7ddc81e9b7..92d7261b0d 100644 --- a/meta/recipes-core/libcgroup/libcgroup_0.41.bb +++ b/meta/recipes-core/libcgroup/libcgroup_0.41.bb | |||
| @@ -11,7 +11,8 @@ inherit autotools pkgconfig | |||
| 11 | 11 | ||
| 12 | DEPENDS = "bison-native flex-native" | 12 | DEPENDS = "bison-native flex-native" |
| 13 | 13 | ||
| 14 | SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2" | 14 | SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2 \ |
| 15 | file://CVE-2018-14348.patch" | ||
| 15 | SRC_URI_append_libc-musl = " file://musl-decls-compat.patch" | 16 | SRC_URI_append_libc-musl = " file://musl-decls-compat.patch" |
| 16 | 17 | ||
| 17 | SRC_URI[md5sum] = "3dea9d50b8a5b73ff0bf1cdcb210f63f" | 18 | SRC_URI[md5sum] = "3dea9d50b8a5b73ff0bf1cdcb210f63f" |