diff options
author | Chen Qi <Qi.Chen@windriver.com> | 2018-07-27 16:04:34 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-07-30 12:44:35 +0100 |
commit | ffb63803eac6ba97d1b9e1f3d648bc4d81bf0276 (patch) | |
tree | d29c106cf81ae93e47b30aaaf87e10bbcdfc10eb /meta/recipes-extended/shadow/files/CVE-2017-2616.patch | |
parent | 96f011e628fe360644bfdd7650145b996d61740c (diff) | |
download | poky-ffb63803eac6ba97d1b9e1f3d648bc4d81bf0276.tar.gz |
shadow: upgrade 4.2.1 -> 4.6
The following patches are removed because problems have been fixed in this version.
0001-shadow-CVE-2017-12424
fix-installation-failure-with-subids-disabled.patch
usermod-fix-compilation-failure-with-subids-disabled.patch
CVE-2017-2616.patch
check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
0001-Do-not-read-login.defs-before-doing-chroot.patch
The following patches are rebased.
0001-Disable-use-of-syslog-for-sysroot.patch
0001-useradd-copy-extended-attributes-of-home.patch
0001-useradd.c-create-parent-directories-when-necessary.patch
allow-for-setting-password-in-clear-text.patch
(From OE-Core rev: 79dd22729d5b8a2f2cf4294ff6b261c9d6ecd977)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/shadow/files/CVE-2017-2616.patch')
-rw-r--r-- | meta/recipes-extended/shadow/files/CVE-2017-2616.patch | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch deleted file mode 100644 index ee728f0952..0000000000 --- a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | shadow-4.2.1: Fix CVE-2017-2616 | ||
2 | |||
3 | [No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943 | ||
4 | |||
5 | su: properly clear child PID | ||
6 | |||
7 | If su is compiled with PAM support, it is possible for any local user | ||
8 | to send SIGKILL to other processes with root privileges. There are | ||
9 | only two conditions. First, the user must be able to perform su with | ||
10 | a successful login. This does NOT have to be the root user, even using | ||
11 | su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL | ||
12 | can only be sent to processes which were executed after the su process. | ||
13 | It is not possible to send SIGKILL to processes which were already | ||
14 | running. I consider this as a security vulnerability, because I was | ||
15 | able to write a proof of concept which unlocked a screen saver of | ||
16 | another user this way. | ||
17 | |||
18 | Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686] | ||
19 | CVE: CVE-2017-2616 | ||
20 | bug: 855943 | ||
21 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
22 | |||
23 | diff --git a/src/su.c b/src/su.c | ||
24 | index 3704217..1efcd61 100644 | ||
25 | --- a/src/su.c | ||
26 | +++ b/src/su.c | ||
27 | @@ -363,20 +363,35 @@ static void prepare_pam_close_session (void) | ||
28 | /* wake child when resumed */ | ||
29 | kill (pid, SIGCONT); | ||
30 | stop = false; | ||
31 | + } else { | ||
32 | + pid_child = 0; | ||
33 | } | ||
34 | } while (!stop); | ||
35 | } | ||
36 | |||
37 | - if (0 != caught) { | ||
38 | + if (0 != caught && 0 != pid_child) { | ||
39 | (void) fputs ("\n", stderr); | ||
40 | (void) fputs (_("Session terminated, terminating shell..."), | ||
41 | stderr); | ||
42 | (void) kill (-pid_child, caught); | ||
43 | |||
44 | (void) signal (SIGALRM, kill_child); | ||
45 | + (void) signal (SIGCHLD, catch_signals); | ||
46 | (void) alarm (2); | ||
47 | |||
48 | - (void) wait (&status); | ||
49 | + sigemptyset (&ourset); | ||
50 | + if ((sigaddset (&ourset, SIGALRM) != 0) | ||
51 | + || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { | ||
52 | + fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); | ||
53 | + kill_child (0); | ||
54 | + } else { | ||
55 | + while (0 == waitpid (pid_child, &status, WNOHANG)) { | ||
56 | + sigsuspend (&ourset); | ||
57 | + } | ||
58 | + pid_child = 0; | ||
59 | + (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); | ||
60 | + } | ||
61 | + | ||
62 | (void) fputs (_(" ...terminated.\n"), stderr); | ||
63 | } | ||
64 | |||