Author: mvidner Date: Tue Nov 8 16:51:25 2011 New Revision: 66766 URL: http://svn.opensuse.org/viewcvs/yast?rev=66766&view=rev Log: create user-unreadable ifcfg files without a race (bnc#713661, CVE-2011-3177) Modified: branches/SuSE-Code-11-SP2-Branch/yast2/VERSION branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in Modified: branches/SuSE-Code-11-SP2-Branch/yast2/VERSION URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/yast2/... ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/yast2/VERSION (original) +++ branches/SuSE-Code-11-SP2-Branch/yast2/VERSION Tue Nov 8 16:51:25 2011 @@ -1 +1 @@ -2.17.116 +2.17.117 Modified: branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/yast2/... ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp (original) +++ branches/SuSE-Code-11-SP2-Branch/yast2/library/network/src/NetworkInterfaces.ycp Tue Nov 8 16:51:25 2011 @@ -749,9 +749,6 @@ } }); - /* Devices with chmod=0600 */ - list<string> chmod = []; - /* write all devices */ maplist(string typ, map<string,map<string,any> > devsmap, (map<string, map<string, map<string, any> > >) Devs, { maplist(string config, map<string,any> devmap, devsmap, { @@ -825,10 +822,9 @@ boolean has_key = find (string k, SensitiveFields, ``( devmap[k]:"" != "" )) != nil; string file = "/etc/sysconfig/network/ifcfg-" + config; - y2debug("Permission change: %1, %2", has_key, file); if(has_key) { - y2debug("CHANGED"); - chmod = add(chmod, file); + y2debug("Permission change: %1", config); + SCR::Write(add(.network.section_private, config), true); } }); }); @@ -836,13 +832,6 @@ /* Finish him */ SCR::Write(.network, nil); - /* CHMOD */ - y2debug("chmod=%1", chmod); - maplist(string file, chmod, { - y2debug("changing: %1", file); - SCR::Execute(.target.bash, "/bin/chmod 0600 " + file); - }); - // Deleted = []; // OriginalDevices = Devices; // Cannot do it because we have written only part of Devices. Modified: branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/yast2/... ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes (original) +++ branches/SuSE-Code-11-SP2-Branch/yast2/package/yast2.changes Tue Nov 8 16:51:25 2011 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Mon Nov 7 18:18:18 CET 2011 - mvidner@suse.cz + +- create user-unreadable ifcfg files without a race (bnc#713661, CVE-2011-3177) +- 2.17.117 + +------------------------------------------------------------------- Mon Oct 31 14:18:35 UTC 2011 - lslezak@suse.cz - package callbacks - do not display error popup for failed Modified: branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/yast2/... ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in (original) +++ branches/SuSE-Code-11-SP2-Branch/yast2/yast2.spec.in Tue Nov 8 16:51:25 2011 @@ -11,8 +11,8 @@ # pre-requires for filling the sysconfig template (sysconfig.yast2) PreReq: %fillup_prereq -# y2base foo -S (hello) UI, list:: namespace -Requires: yast2-core >= 2.17.1 +# ag_ini section_private +Requires: yast2-core >= 2.17.41 # Mod_UI # new YButtonBox widget (fate #303446) Requires: yast2-ycp-ui-bindings >= 2.17.8 -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org