diff options
Diffstat (limited to 'meta')
3 files changed, 125 insertions, 0 deletions
diff --git a/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch b/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch new file mode 100644 index 0000000000..6f31eba26d --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-1.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From 7597cfa482e42a00a69fb9577ee523762980a9a2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Orlitzky <michael@orlitzky.com> | ||
3 | Date: Thu, 28 Dec 2017 15:52:42 -0500 | ||
4 | Subject: doc: clarify chown/chgrp --dereference defaults | ||
5 | |||
6 | * doc/coreutils.texi: the documentation for the --dereference | ||
7 | flag of chown/chgrp states that it is the default mode of | ||
8 | operation. Document that this is only the case when operating | ||
9 | non-recursively. | ||
10 | |||
11 | CVE: CVE-2017-18018 | ||
12 | Upstream-Status: Backport from v8.30 | ||
13 | |||
14 | Signed-off-by: Michael Orlitzky <michael@orlitzky.com> | ||
15 | Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | ||
16 | --- | ||
17 | doc/coreutils.texi | 4 ++-- | ||
18 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff -Naurp coreutils-8.27_org/doc/coreutils.texi coreutils-8.27/doc/coreutils.texi | ||
21 | --- coreutils-8.27_org/doc/coreutils.texi 2018-07-22 21:09:50.128736692 -0700 | ||
22 | +++ coreutils-8.27/doc/coreutils.texi 2018-07-22 21:12:59.972219770 -0700 | ||
23 | @@ -10952,7 +10952,7 @@ chown -h -R --from=OLDUSER NEWUSER / | ||
24 | @cindex symbolic links, changing owner | ||
25 | @findex lchown | ||
26 | Do not act on symbolic links themselves but rather on what they point to. | ||
27 | -This is the default. | ||
28 | +This is the default when not operating recursively. | ||
29 | |||
30 | @item -h | ||
31 | @itemx --no-dereference | ||
32 | @@ -11082,7 +11082,7 @@ changed. | ||
33 | @cindex symbolic links, changing owner | ||
34 | @findex lchown | ||
35 | Do not act on symbolic links themselves but rather on what they point to. | ||
36 | -This is the default. | ||
37 | +This is the default when not operating recursively. | ||
38 | |||
39 | @item -h | ||
40 | @itemx --no-dereference | ||
diff --git a/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch b/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch new file mode 100644 index 0000000000..c8f5f54acf --- /dev/null +++ b/meta/recipes-core/coreutils/coreutils/CVE-2017-18018-2.patch | |||
@@ -0,0 +1,83 @@ | |||
1 | From bc2fd9796403e03bb757b064d44c22fab92e6842 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Orlitzky <michael@orlitzky.com> | ||
3 | Date: Thu, 4 Jan 2018 11:38:21 -0500 | ||
4 | Subject: doc: warn about following symlinks recursively in chown/chgrp | ||
5 | |||
6 | In both chown and chgrp (which shares its code with chown), operating | ||
7 | on symlinks recursively has a window of vulnerability where the | ||
8 | destination user or group can change the target of the operation. | ||
9 | Warn about combining the --dereference, --recursive, and -L flags. | ||
10 | |||
11 | * doc/coreutils.texi (warnOptDerefWithRec): Add macro. | ||
12 | (node chown invocation): Add it to --dereference and -L. | ||
13 | (node chgrp invocation): Likewise. | ||
14 | |||
15 | See also: CVE-2017-18018 | ||
16 | CVE: CVE-2017-18018 | ||
17 | Upstream-Status: Backport from v8.30 | ||
18 | |||
19 | Signed-off-by: Michael Orlitzky <michael@orlitzky.com> | ||
20 | Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | ||
21 | --- | ||
22 | doc/coreutils.texi | 17 +++++++++++++++++ | ||
23 | 1 file changed, 17 insertions(+) | ||
24 | |||
25 | diff --git a/doc/coreutils.texi b/doc/coreutils.texi | ||
26 | index 6bb9f09..9f5f95b 100644 | ||
27 | --- a/doc/coreutils.texi | ||
28 | +++ b/doc/coreutils.texi | ||
29 | @@ -1428,6 +1428,19 @@ a command line argument is a symbolic link to a directory, traverse it. | ||
30 | In a recursive traversal, traverse every symbolic link to a directory | ||
31 | that is encountered. | ||
32 | @end macro | ||
33 | + | ||
34 | +@c Append the following warning to -L where appropriate (e.g. chown). | ||
35 | +@macro warnOptDerefWithRec | ||
36 | + | ||
37 | +Combining this dereferencing option with the @option{--recursive} option | ||
38 | +may create a security risk: | ||
39 | +During the traversal of the directory tree, an attacker may be able to | ||
40 | +introduce a symlink to an arbitrary target; when the tool reaches that, | ||
41 | +the operation will be performed on the target of that symlink, | ||
42 | +possibly allowing the attacker to escalate privileges. | ||
43 | + | ||
44 | +@end macro | ||
45 | + | ||
46 | @choptL | ||
47 | |||
48 | @macro choptP | ||
49 | @@ -10995,6 +11008,7 @@ chown -h -R --from=OLDUSER NEWUSER / | ||
50 | @findex lchown | ||
51 | Do not act on symbolic links themselves but rather on what they point to. | ||
52 | This is the default when not operating recursively. | ||
53 | +@warnOptDerefWithRec | ||
54 | |||
55 | @item -h | ||
56 | @itemx --no-dereference | ||
57 | @@ -11051,6 +11065,7 @@ Recursively change ownership of directories and their contents. | ||
58 | @xref{Traversing symlinks}. | ||
59 | |||
60 | @choptL | ||
61 | +@warnOptDerefWithRec | ||
62 | @xref{Traversing symlinks}. | ||
63 | |||
64 | @choptP | ||
65 | @@ -11125,6 +11140,7 @@ changed. | ||
66 | @findex lchown | ||
67 | Do not act on symbolic links themselves but rather on what they point to. | ||
68 | This is the default when not operating recursively. | ||
69 | +@warnOptDerefWithRec | ||
70 | |||
71 | @item -h | ||
72 | @itemx --no-dereference | ||
73 | @@ -11180,6 +11196,7 @@ Recursively change the group ownership of directories and their contents. | ||
74 | @xref{Traversing symlinks}. | ||
75 | |||
76 | @choptL | ||
77 | +@warnOptDerefWithRec | ||
78 | @xref{Traversing symlinks}. | ||
79 | |||
80 | @choptP | ||
81 | -- | ||
82 | cgit v1.0-41-gc330 | ||
83 | |||
diff --git a/meta/recipes-core/coreutils/coreutils_8.29.bb b/meta/recipes-core/coreutils/coreutils_8.29.bb index 4704f32196..b0572afdc0 100644 --- a/meta/recipes-core/coreutils/coreutils_8.29.bb +++ b/meta/recipes-core/coreutils/coreutils_8.29.bb | |||
@@ -19,6 +19,8 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \ | |||
19 | file://0001-uname-report-processor-and-hardware-correctly.patch \ | 19 | file://0001-uname-report-processor-and-hardware-correctly.patch \ |
20 | file://disable-ls-output-quoting.patch \ | 20 | file://disable-ls-output-quoting.patch \ |
21 | file://0001-local.mk-fix-cross-compiling-problem.patch \ | 21 | file://0001-local.mk-fix-cross-compiling-problem.patch \ |
22 | file://CVE-2017-18018-1.patch \ | ||
23 | file://CVE-2017-18018-2.patch \ | ||
22 | " | 24 | " |
23 | 25 | ||
24 | SRC_URI[md5sum] = "960cfe75a42c9907c71439f8eb436303" | 26 | SRC_URI[md5sum] = "960cfe75a42c9907c71439f8eb436303" |