Mailinglist Archive: opensuse-commit (914 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package libgnomesu for openSUSE:Factory
checked in at Mon Jun 20 10:42:59 CEST 2011.



--------
--- GNOME/libgnomesu/libgnomesu.changes 2011-05-05 19:32:08.000000000 +0200
+++ /mounts/work_src_done/STABLE/libgnomesu/libgnomesu.changes  2011-06-17 
17:46:16.000000000 +0200
@@ -1,0 +2,7 @@
+Mon May 30 10:34:59 CEST 2011 - vuntz@xxxxxxxxxxxx
+
+- Add libgnomesu-check-setuid-retval.patch: really handle return
+  value of the setuid() call, to avoid a root exploit if it fails
+  because of rlimits. Fix bnc#695627 and CVE-2011-1946.
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  libgnomesu-check-setuid-retval.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libgnomesu.spec ++++++
--- /var/tmp/diff_new_pack.Sh9K36/_old  2011-06-20 10:33:02.000000000 +0200
+++ /var/tmp/diff_new_pack.Sh9K36/_new  2011-06-20 10:33:02.000000000 +0200
@@ -19,7 +19,7 @@
 
 Name:           libgnomesu
 Version:        1.0.0
-Release:        332
+Release:        335
 License:        LGPLv2.1+
 Summary:        GNOME su Library
 Url:            http://members.chello.nl/~h.lai/libgnomesu/
@@ -60,6 +60,8 @@
 Patch16:        libgnomesu-use-pam_xauth.patch
 # PATCH-FIX-UPSTREAM libgnomesu-reorder-pam-init.patch vuntz@xxxxxxxxxxxx -- 
Do commands in the same order as in coreutils/su.c in pam backend
 Patch17:        libgnomesu-reorder-pam-init.patch
+# PATCH-FIX-UPSTREAM libgnomesu-check-setuid-retval.patch bnc#695627 
CVE-2011-1946 vuntz@xxxxxxxxxxxx -- Really handle return value of setuid()
+Patch18:        libgnomesu-check-setuid-retval.patch
 BuildRequires:  fdupes
 BuildRequires:  gconf2-devel
 BuildRequires:  gtk2-devel
@@ -121,6 +123,7 @@
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
 cp -a %{S:1} pam-backend/gnomesu-pam
 # Upstream is dead, libgnomesu.po in LCN includes strings in our patches:
 translation-update-upstream

++++++ libgnomesu-check-setuid-retval.patch ++++++
Index: libgnomesu-1.0.0/pam-backend/pam.c
===================================================================
--- libgnomesu-1.0.0.orig/pam-backend/pam.c
+++ libgnomesu-1.0.0/pam-backend/pam.c
@@ -338,7 +338,15 @@ main (int argc, char *argv[])
                #ifdef HAVE_SETFSUID
                setfsuid (pw->pw_uid);
                #endif /* HAVE_SETFSUID */
-               change_identity (pw);
+
+               if (change_identity (pw)) {
+                       pam_close_session (pamh, 0);
+                       if (setcred)
+                               pam_setcred (pamh, PAM_DELETE_CRED | 
PAM_SILENT);
+                       close_pam (pamh, retval);
+                       fprintf (outf, PROTOCOL_ERROR);
+                       return 1;
+               }
 
                modify_environment (pw);
 
Index: libgnomesu-1.0.0/su-backend/common.c
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/common.c
+++ libgnomesu-1.0.0/su-backend/common.c
@@ -232,13 +232,20 @@ init_groups (const struct passwd *pw)
 #endif
 }
 
-void
+int
 change_identity (const struct passwd *pw)
 {
-       if (setgid (pw->pw_gid))
+       if (setgid (pw->pw_gid)) {
                perror ("cannot set group id");
-       if (setuid (pw->pw_uid))
+               return -1;
+       }
+
+       if (setuid (pw->pw_uid)) {
                perror ("cannot set user id");
+               return -1;
+       }
+
+       return 0;
 }
 
 void
Index: libgnomesu-1.0.0/su-backend/su.c
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/su.c
+++ libgnomesu-1.0.0/su-backend/su.c
@@ -323,7 +323,12 @@ main (int argc, char **argv)
   init_xauth (pw);
   modify_environment (pw);
   init_groups (pw);
-  change_identity (pw);
+
+  if (change_identity (pw)) {
+         fprintf (outf, PROTOCOL_ERROR);
+         return 1;
+  }
+
   setup_xauth (pw);
 
   fprintf (outf, PROTOCOL_DONE);
Index: libgnomesu-1.0.0/su-backend/common.h
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/common.h
+++ libgnomesu-1.0.0/su-backend/common.h
@@ -31,7 +31,7 @@ void xputenv (const char *val);
 void init_xauth (const struct passwd *pw);
 void setup_xauth (const struct passwd *pw);
 void init_groups (const struct passwd *pw);
-void change_identity (const struct passwd *pw);
+int  change_identity (const struct passwd *pw);
 void modify_environment (const struct passwd *pw);
 void *safe_memset (void *s, int c, size_t n);
 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx