Author: mvidner
Date: Tue Nov 8 16:51:25 2011
New Revision: 66766
URL: http://svn.opensuse.org/viewcvs/yast?rev=66766&view=rev
Log:
create user-unreadable ifcfg files without a race (bnc#713661, CVE-2011-3177)
Modified:
branches/SuSE-Code-11-SP2-Branch/yast2/VERSION
branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp
branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes
branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in
Modified: branches/SuSE-Code-11-SP2-Branch/yast2/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/yast2/VERSION?rev=66766&r1=66765&r2=66766&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/yast2/VERSION (original)
+++ branches/SuSE-Code-11-SP2-Branch/yast2/VERSION Tue Nov 8 16:51:25 2011
@@ -1 +1 @@
-2.17.116
+2.17.117
Modified: branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp?rev=66766&r1=66765&r2=66766&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp (original)
+++ branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp Tue Nov 8 16:51:25 2011
@@ -749,9 +749,6 @@
}
});
- /* Devices with chmod=0600 */
- list<string> chmod = [];
-
/* write all devices */
maplist(string typ, map > devsmap, (map > >) Devs, {
maplist(string config, map devmap, devsmap, {
@@ -825,10 +822,9 @@
boolean has_key = find (string k, SensitiveFields,
``( devmap[k]:"" != "" )) != nil;
string file = "/etc/sysconfig/network/ifcfg-" + config;
- y2debug("Permission change: %1, %2", has_key, file);
if(has_key) {
- y2debug("CHANGED");
- chmod = add(chmod, file);
+ y2debug("Permission change: %1", config);
+ SCR::Write(add(.network.section_private, config), true);
}
});
});
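Review bot: The result of `SCR::Write(add(.network.section_private, config), true)` inside `if(has_key)` is discarded, so if the agent rejects that path the ifcfg file holding the sensitive fields would presumably still be written by the later `SCR::Write(.network, nil)` with default permissions, leaving only a debug line as a trace. I would check the return value and log at error level, e.g. `if (!SCR::Write(add(.network.section_private, config), true)) y2error("Cannot mark ifcfg-%1 as private", config);`. A short comment such as `/* must be set before the final SCR::Write(.network, nil) flush so the file is created unreadable to users */` would record the ordering this fix depends on. `string file` above the `if` appears to have no remaining use in the visible lines and could be dropped. The enclosing function begins before this hunk.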
@@ -836,13 +832,6 @@
/* Finish him */
SCR::Write(.network, nil);
- /* CHMOD */
- y2debug("chmod=%1", chmod);
- maplist(string file, chmod, {
- y2debug("changing: %1", file);
- SCR::Execute(.target.bash, "/bin/chmod 0600 " + file);
- });
-
// Deleted = [];
// OriginalDevices = Devices;
// Cannot do it because we have written only part of Devices.
Modified: branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes?rev=66766&r1=66765&r2=66766&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes (original)
+++ branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes Tue Nov 8 16:51:25 2011
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Mon Nov 7 18:18:18 CET 2011 - mvidner@suse.cz
+
+- create user-unreadable ifcfg files without a race (bnc#713661, CVE-2011-3177)
+- 2.17.117
+
+-------------------------------------------------------------------
Mon Oct 31 14:18:35 UTC 2011 - lslezak@suse.cz
- package callbacks - do not display error popup for failed
Modified: branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in?rev=66766&r1=66765&r2=66766&view=diff
==============================================================================
--- branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in (original)
+++ branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in Tue Nov 8 16:51:25 2011
@@ -11,8 +11,8 @@
# pre-requires for filling the sysconfig template (sysconfig.yast2)
PreReq: %fillup_prereq
-# y2base foo -S (hello) UI, list:: namespace
-Requires: yast2-core >= 2.17.1
+# ag_ini section_private
+Requires: yast2-core >= 2.17.41
# Mod_UI
# new YButtonBox widget (fate #303446)
Requires: yast2-ycp-ui-bindings >= 2.17.8