diff options
| author | Vivek Kumbhar <vkumbhar@mvista.com> | 2022-11-24 17:58:13 +0530 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-12-01 19:35:04 +0000 |
| commit | 9510218414f822d1d5fd4b8417137d8ef1de81ff (patch) | |
| tree | 2746dcc23e90767e8d7496074628fdca923ba9ce /meta/recipes-devtools/python/python3 | |
| parent | b712955b3b05da7c7a964b8eaf626db788e06387 (diff) | |
| download | poky-9510218414f822d1d5fd4b8417137d8ef1de81ff.tar.gz | |
python3: fix CVE-2022-42919 local privilege escalation via the multiprocessing forkserver start method
Upstream-Status: Backport from https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2
(From OE-Core rev: 9ed7184930707c98afabca8c6b712df874ad659f)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/python/python3')
| -rw-r--r-- | meta/recipes-devtools/python/python3/CVE-2022-42919.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3/CVE-2022-42919.patch b/meta/recipes-devtools/python/python3/CVE-2022-42919.patch new file mode 100644 index 0000000000..6040724dae --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2022-42919.patch | |||
| @@ -0,0 +1,70 @@ | |||
| 1 | From 87ef80926ea0ec960a220af89d8ff4db99417b03 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Vivek Kumbhar <vkumbhar@mvista.com> | ||
| 3 | Date: Thu, 24 Nov 2022 17:44:18 +0530 | ||
| 4 | Subject: [PATCH] CVE-2022-42919 | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2] | ||
| 7 | CVE: CVE-2022-42919 | ||
| 8 | Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> | ||
| 9 | |||
| 10 | [3.10] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98503) | ||
| 11 | |||
| 12 | Linux abstract sockets are insecure as they lack any form of filesystem | ||
| 13 | permissions so their use allows anyone on the system to inject code into | ||
| 14 | the process. | ||
| 15 | |||
| 16 | This removes the default preference for abstract sockets in | ||
| 17 | multiprocessing introduced in Python 3.9+ via | ||
| 18 | https://github.com/python/cpython/pull/18866 while fixing | ||
| 19 | https://github.com/python/cpython/issues/84031. | ||
| 20 | |||
| 21 | Explicit use of an abstract socket by a user now generates a | ||
| 22 | RuntimeWarning. If we choose to keep this warning, it should be | ||
| 23 | backported to the 3.7 and 3.8 branches. | ||
| 24 | (cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17) | ||
| 25 | --- | ||
| 26 | Lib/multiprocessing/connection.py | 5 ----- | ||
| 27 | .../2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 +++++++++++++++ | ||
| 28 | 2 files changed, 15 insertions(+), 5 deletions(-) | ||
| 29 | create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | ||
| 30 | |||
| 31 | diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py | ||
| 32 | index 510e4b5..8e2facf 100644 | ||
| 33 | --- a/Lib/multiprocessing/connection.py | ||
| 34 | +++ b/Lib/multiprocessing/connection.py | ||
| 35 | @@ -73,11 +73,6 @@ def arbitrary_address(family): | ||
| 36 | if family == 'AF_INET': | ||
| 37 | return ('localhost', 0) | ||
| 38 | elif family == 'AF_UNIX': | ||
| 39 | - # Prefer abstract sockets if possible to avoid problems with the address | ||
| 40 | - # size. When coding portable applications, some implementations have | ||
| 41 | - # sun_path as short as 92 bytes in the sockaddr_un struct. | ||
| 42 | - if util.abstract_sockets_supported: | ||
| 43 | - return f"\0listener-{os.getpid()}-{next(_mmap_counter)}" | ||
| 44 | return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir()) | ||
| 45 | elif family == 'AF_PIPE': | ||
| 46 | return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' % | ||
| 47 | diff --git a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | ||
| 48 | new file mode 100644 | ||
| 49 | index 0000000..02d95b5 | ||
| 50 | --- /dev/null | ||
| 51 | +++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | ||
| 52 | @@ -0,0 +1,15 @@ | ||
| 53 | +On Linux the :mod:`multiprocessing` module returns to using filesystem backed | ||
| 54 | +unix domain sockets for communication with the *forkserver* process instead of | ||
| 55 | +the Linux abstract socket namespace. Only code that chooses to use the | ||
| 56 | +:ref:`"forkserver" start method <multiprocessing-start-methods>` is affected. | ||
| 57 | + | ||
| 58 | +Abstract sockets have no permissions and could allow any user on the system in | ||
| 59 | +the same `network namespace | ||
| 60 | +<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often the | ||
| 61 | +whole system) to inject code into the multiprocessing *forkserver* process. | ||
| 62 | +This was a potential privilege escalation. Filesystem based socket permissions | ||
| 63 | +restrict this to the *forkserver* process user as was the default in Python 3.8 | ||
| 64 | +and earlier. | ||
| 65 | + | ||
| 66 | +This prevents Linux `CVE-2022-42919 | ||
| 67 | +<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_. | ||
| 68 | -- | ||
| 69 | 2.25.1 | ||
| 70 | |||