Diffstat (limited to 'meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch | 32 |
1 files changed, 32 insertions, 0 deletions
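--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch
@@ -0,0 +1,32 @@
+From b8f736b30e20a2b44e7c34bb4e43b0d97ae77e3c Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 15 Oct 2020 10:54:48 +0200
+Subject: [PATCH] pager: lets check SYSTEMD_PAGERSECURE with secure_getenv()
+
+I can't think of any real vulnerability about this, but it still feels
+better to check a variable with "secure" in its name with
+secure_getenv() rather than plain getenv().
+
+Paranoia FTW!
+
+CVE: CVE-2023-26604
+Upstream-Status: Backport [https://github.com/systemd/systemd/pull/17359/commits/b8f736b30e20a2b44e7c34bb4e43b0d97ae77e3c]
+Comments: Hunk refreshed
+Signed-off-by: rajmohan r <rajmohan.r@kpit.com>
+---
+src/shared/pager.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/pager.c b/src/shared/pager.c
+index a72d9ea..250519c 100644
+--- a/src/shared/pager.c
++++ b/src/shared/pager.c
+@@ -170,7 +170,7 @@ int pager_open(PagerFlags flags) {
+* pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
+* wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
+* know to be good. */
+- int use_secure_mode = getenv_bool("SYSTEMD_PAGERSECURE");
++ int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
+bool trust_pager = use_secure_mode >= 0;
+if (use_secure_mode == -ENXIO) {
+uid_t uid;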
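Review bot: The comment block above the changed line in `pager_open()` still reads as if `$SYSTEMD_PAGERSECURE` were always honoured, but `getenv_bool_secure()` reads it through `secure_getenv()`, so an explicit setting is treated as unset when the process runs in secure-execution mode. I would add a line to that comment such as `* Note: $SYSTEMD_PAGERSECURE is ignored under secure execution (AT_SECURE); autodetection applies there.` In that case the call presumably returns `-ENXIO`, which leaves `trust_pager` false and enters the autodetect branch that opens on the last visible lines. The hunk does not show whether `getenv_bool_secure()` exists in the systemd version this recipe builds, and the diffstat is limited to the patch file, so confirm both that helper and that the recipe's `SRC_URI` lists `CVE-2023-26604-4.patch`. `pager_open()` begins and ends outside the hunk.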