openSUSE:Evergreen:11.2:Test
File dbus-cve-2012-3524-1.patch of Package dbus-1
--- dbus-1.2.16/configure.in.orig 2012-11-09 10:54:16.218269239 +0100
+++ dbus-1.2.16/configure.in 2012-11-09 10:56:04.543831213 +0100
@@ -389,7 +389,7 @@
 AC_SEARCH_LIBS(socket,[socket network])
 AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)])
-AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll)
+AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll __secure_getenv)
 #### Check for broken poll; taken from Glib's configure
--- dbus-1.2.16/dbus/dbus-sysdeps-unix.c.orig 2012-11-09 10:54:16.265267314 +0100
+++ dbus-1.2.16/dbus/dbus-sysdeps-unix.c 2012-11-09 10:54:16.265267314 +0100
@@ -2775,6 +2775,13 @@
 #ifdef HAVE_SOCKETPAIR
 int fds[2];
+ if (_dbus_check_setuid ())
+ {
+ dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+ "Unable to autolaunch when setuid");
+ return FALSE;
+ }
+
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
 if (socketpair (AF_UNIX, SOCK_STREAM, 0, fds) < 0)
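Review bot: The extended `AC_CHECK_FUNCS` list adds only `__secure_getenv`, yet the new `_dbus_check_setuid()` in dbus-sysdeps-unix.c branches on `HAVE_ISSETUGID` and `HAVE_GETRESUID`, and neither function appears in the list shown in this hunk. Unless configure.in probes for them somewhere outside the hunk, the function always takes the `getuid()`/`geteuid()` fallback, which sets `suid = ruid` and `sgid = rgid` and therefore cannot notice a saved user or group ID that differs from the real one. I would append `issetugid getresuid` to the same list so that the stronger branches are actually compiled in. Nothing visible in this patch consumes `HAVE___SECURE_GETENV`; presumably a companion patch does.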
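Review bot: The context around the new `_dbus_check_setuid ()` guard (`#ifdef HAVE_SOCKETPAIR`, `int fds[2];`, `socketpair (AF_UNIX, SOCK_STREAM, 0, fds)`) reads like a socketpair helper, while the error text says "Unable to autolaunch when setuid". The enclosing function's signature is outside the hunk, so please confirm that the guard sits in the autolaunch routine and was not shifted onto a similar-looking context during the backport. If it did land in the pipe helper, the autolaunch path would stay unguarded for setuid processes, and callers of the pipe helper would fail under setuid with a misleading message.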
@@ -3481,4 +3488,57 @@
 return errno == EAGAIN || errno == EWOULDBLOCK;
 }
+/**
+ * **NOTE**: If you modify this function, please also consider making
+ * the corresponding change in GLib. See
+ * glib/gutils.c:g_check_setuid().
+ *
+ * Returns TRUE if the current process was executed as setuid (or an
+ * equivalent __libc_enable_secure is available). See:
+ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html
+ */
+dbus_bool_t
+_dbus_check_setuid (void)
+{
+ /* TODO: get __libc_enable_secure exported from glibc.
+ * See http://www.openwall.com/lists/owl-dev/2012/08/14/1
+ */
+#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)
+ {
+ /* See glibc/include/unistd.h */
+ extern int __libc_enable_secure;
+ return __libc_enable_secure;
+ }
+#elif defined(HAVE_ISSETUGID)
+ /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
+ return issetugid ();
+#else
+ uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
+ gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
+
+ static dbus_bool_t check_setuid_initialised;
+ static dbus_bool_t is_setuid;
+
+ if (_DBUS_UNLIKELY (!check_setuid_initialised))
+ {
+#ifdef HAVE_GETRESUID
+ if (getresuid (&ruid, &euid, &suid) != 0 ||
+ getresgid (&rgid, &egid, &sgid) != 0)
+#endif /* HAVE_GETRESUID */
+ {
+ suid = ruid = getuid ();
+ sgid = rgid = getgid ();
+ euid = geteuid ();
+ egid = getegid ();
+ }
+
+ check_setuid_initialised = TRUE;
+ is_setuid = (ruid != euid || ruid != suid ||
+ rgid != egid || rgid != sgid);
+
+ }
+ return is_setuid;
+#endif
+}
+ /* tests in dbus-sysdeps-util.c */
--- dbus-1.2.16/dbus/dbus-sysdeps.h.orig 2012-11-09 10:54:16.265267314 +0100
+++ dbus-1.2.16/dbus/dbus-sysdeps.h 2012-11-09 10:54:16.265267314 +0100
@@ -97,6 +97,7 @@
 void _dbus_abort (void) _DBUS_GNUC_NORETURN;
+dbus_bool_t _dbus_check_setuid (void);
 const char* _dbus_getenv (const char *varname);
 dbus_bool_t _dbus_setenv (const char *varname, const char *value);
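Review bot: The doc comment on `_dbus_check_setuid()` does not say that the fallback branch evaluates the IDs once, on the first call, and returns the cached `is_setuid` afterwards. A process that was started setuid but has already reset its real, effective and saved IDs before first reaching this function is then reported as not setuid, although its environment still comes from the invoking user; the `__libc_enable_secure` branch, which per the TODO is meant to cover this, is compiled out with `#if 0`. I would add to the comment: `* The result is computed on the first call and cached; callers that drop privileges first are reported as not setuid.` The comment also says only "setuid" while the code compares group IDs as well, so "setuid or setgid" would be more accurate.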