author | Lars Wendler <polynomial-c@gentoo.org> | 2016-02-29 17:08:08 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2016-03-01 08:54:20 +0100 |
commit | 5941cbcb27255f6a84c64ed504221cad3b1bad1c (patch) | |
tree | ce03f8d6afb11dc43c92ba684c21acbc99da6a9c /net-dialup/mingetty | |
parent | Merge remote-tracking branch 'remotes/github/pr/943' (diff) | |
net-dialup/mingetty: Fixed usage of unsafe chroot call (bug #339338).
Package-Manager: portage-2.2.27
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-dialup/mingetty')
-rw-r--r-- | net-dialup/mingetty/files/mingetty-1.08-check_chroot_chdir_nice.patch | 36 | ||||
-rw-r--r-- | net-dialup/mingetty/mingetty-1.08-r1.ebuild | 34 |
2 files changed, 70 insertions, 0 deletions
diff --git a/net-dialup/mingetty/files/mingetty-1.08-check_chroot_chdir_nice.patch b/net-dialup/mingetty/files/mingetty-1.08-check_chroot_chdir_nice.patch
new file mode 100644
index 000000000000..4c5d2b29cf7f
--- /dev/null
+++ b/net-dialup/mingetty/files/mingetty-1.08-check_chroot_chdir_nice.patch
@@ -0,0 +1,36 @@
+Check chdir() on chroot() syscalls (and similar) as chroot without proper
+chdir() allows to escape from changed root.
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597382
+http://sourceforge.net/tracker/?func=detail&aid=3095679&group_id=80387&atid=559616
+
+--- mingetty-1.08/mingetty.c
++++ mingetty-1.08/mingetty.c
+@@ -422,12 +422,21 @@
+ while ((logname = get_logname ()) == 0)
+ /* do nothing */ ;
+
+- if (ch_root)
+- chroot (ch_root);
+- if (ch_dir)
+- chdir (ch_dir);
+- if (priority)
+- nice (priority);
++ if (ch_root) {
++ if (chroot (ch_root))
++ error ("chroot(\"%s\") failed: %s", ch_root, strerror (errno));
++ if (chdir("/"))
++ error ("chdir(\"/\") failed: %s", strerror (errno));
++ }
++ if (ch_dir) {
++ if (chdir (ch_dir))
++ error ("chdir(\"%s\") failed: %s", ch_dir, strerror (errno));
++ }
++ if (priority) {
++ errno = 0; /* see the nice(2) NOTES for why we do this */
++ if ((nice (priority) == -1) && (errno != 0))
++ error ("nice(%d) failed: %s", priority, strerror (errno));
++ }
+
+ execl (loginprog, loginprog, autologin? "-f" : "--", logname, NULL);
+ error ("%s: can't exec %s: %s", tty, loginprog, strerror (errno));
diff --git a/net-dialup/mingetty/mingetty-1.08-r1.ebuild b/net-dialup/mingetty/mingetty-1.08-r1.ebuild
new file mode 100644
index 000000000000..171a29938e12
--- /dev/null
+++ b/net-dialup/mingetty/mingetty-1.08-r1.ebuild
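Review bot: The added `chroot()`/`chdir("/")` checks in the mingetty.c patch only close the escape if `error()` never returns, and its definition is outside this hunk; if it merely logged, execution would fall through to `execl (loginprog, ...)` with the root or working directory unchanged. Please confirm that `error()` exits, and state the dependency where it is relied on, e.g. `/* error() must not return: continuing here would exec login outside the new root */` above `if (chroot (ch_root))`. A short why-comment on the new call would also help later readers, e.g. `/* chroot() leaves the cwd untouched; move it inside the new root */` before `if (chdir("/"))`. The enclosing function starts and ends outside the hunk.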
@@ -0,0 +1,34 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit toolchain-funcs eutils
+
+DESCRIPTION="A compact getty program for virtual consoles only"
+HOMEPAGE="http://sourceforge.net/projects/mingetty"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="unicode"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.08-check_chroot_chdir_nice.patch"
+)
+
+src_prepare() {
+ use unicode && eapply "${FILESDIR}"/${PN}-1.08-utf8.patch
+ default
+}
+
+src_compile() {
+ emake CFLAGS="${CFLAGS} -Wall -W -pipe -D_GNU_SOURCE" CC="$(tc-getCC)"
+}
+
+src_install () {
+ dodir /sbin /usr/share/man/man8
+ emake DESTDIR="${D}" install
+} |