Hello community, here is the log from the commit of package cron checked in at Mon May 29 17:56:01 CEST 2006. -------- --- cron/cron.changes 2006-03-28 12:02:03.000000000 +0200 +++ cron/cron.changes 2006-05-29 16:50:35.000000000 +0200 @@ -1,0 +2,5 @@ +Mon May 29 16:49:48 CEST 2006 - kssingvo@suse.de + +- fixed priviledge escalation bug CVE-2006-2607 (bugzilla#178863) + +------------------------------------------------------------------- New: ---- vixie-cron-4.1-privilege_escalation.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cron.spec ++++++ --- /var/tmp/diff_new_pack.OVltsd/_old 2006-05-29 17:52:52.000000000 +0200 +++ /var/tmp/diff_new_pack.OVltsd/_new 2006-05-29 17:52:52.000000000 +0200 @@ -18,7 +18,7 @@ Autoreqprov: on PreReq: permissions Version: 4.1 -Release: 39 +Release: 45 Summary: cron Daemon Source0: vixie-%name-%version.tar.bz2 Source1: %name.init @@ -38,6 +38,7 @@ Patch11: vixie-cron-4.1-pam.diff Patch12: vixie-cron-4.1-sendasuser.diff Patch13: vixie-cron-4.1-stat-no-fstat.diff +Patch14: vixie-cron-4.1-privilege_escalation.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -70,6 +71,7 @@ %patch11 -p1 %patch12 -p0 %patch13 -p1 +%patch14 -p1 %build make DEFS="$RPM_OPT_FLAGS -DWITH_PAM -Wno-comment -fpie -fstack-protector" LDFLAGS="-pie" @@ -129,6 +131,8 @@ /usr/lib/cron %changelog -n cron +* Mon May 29 2006 - kssingvo@suse.de +- fixed priviledge escalation bug CVE-2006-2607 (bugzilla#178863) * Tue Mar 28 2006 - hvogel@suse.de - really enable PAM [#160426] * Sat Mar 11 2006 - schwab@suse.de ++++++ vixie-cron-4.1-privilege_escalation.patch ++++++ --- vixie-cron-4.1/do_command.c.orig 2006-05-29 16:45:32.000000000 +0200 +++ vixie-cron-4.1/do_command.c 2006-05-29 16:48:28.000000000 +0200 @@ -300,12 +300,24 @@ } } #else - setgid(e->pwd->pw_gid); + initgroups(usernm, e->pwd->pw_gid); #if (defined(BSD)) && (BSD >= 199103) setlogin(usernm); #endif /* BSD */ - setuid(e->pwd->pw_uid); /* we aren't root after this... */ + + if ( setgid(e->pwd->pw_gid) == -1 ) { + fprintf(stderr,"can't set gid for %s\n", e->pwd->pw_name); + _exit(1); + } + + if ( setuid(e->pwd->pw_uid) == -1 ) { + fprintf(stderr,"can't set uid for %s\n", e->pwd->pw_name); + _exit(1); + } + + /* we aren't root after this... */ + #endif /* LOGIN_CAP */ chdir(env_get("HOME", e->envp)); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...