summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wendler <polynomial-c@gentoo.org>2016-02-29 17:08:08 +0100
committerLars Wendler <polynomial-c@gentoo.org>2016-03-01 08:54:20 +0100
commit5941cbcb27255f6a84c64ed504221cad3b1bad1c (patch)
treece03f8d6afb11dc43c92ba684c21acbc99da6a9c /net-dialup/mingetty
parentMerge remote-tracking branch 'remotes/github/pr/943' (diff)
downloadgentoo-5941cbcb27255f6a84c64ed504221cad3b1bad1c.tar.gz
gentoo-5941cbcb27255f6a84c64ed504221cad3b1bad1c.tar.bz2
gentoo-5941cbcb27255f6a84c64ed504221cad3b1bad1c.zip
net-dialup/mingetty: Fixed usage of unsafe chroot call (bug #339338).
Package-Manager: portage-2.2.27 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-dialup/mingetty')
-rw-r--r--net-dialup/mingetty/files/mingetty-1.08-check_chroot_chdir_nice.patch36
-rw-r--r--net-dialup/mingetty/mingetty-1.08-r1.ebuild34
2 files changed, 70 insertions, 0 deletions
diff --git a/net-dialup/mingetty/files/mingetty-1.08-check_chroot_chdir_nice.patch b/net-dialup/mingetty/files/mingetty-1.08-check_chroot_chdir_nice.patch
new file mode 100644
index 000000000000..4c5d2b29cf7f
--- /dev/null
+++ b/net-dialup/mingetty/files/mingetty-1.08-check_chroot_chdir_nice.patch
@@ -0,0 +1,36 @@
+Check chdir() on chroot() syscalls (and similar) as chroot without proper
+chdir() allows to escape from changed root.
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597382
+http://sourceforge.net/tracker/?func=detail&aid=3095679&group_id=80387&atid=559616
+
+--- mingetty-1.08/mingetty.c
++++ mingetty-1.08/mingetty.c
+@@ -422,12 +422,21 @@
+ while ((logname = get_logname ()) == 0)
+ /* do nothing */ ;
+
+- if (ch_root)
+- chroot (ch_root);
+- if (ch_dir)
+- chdir (ch_dir);
+- if (priority)
+- nice (priority);
++ if (ch_root) {
++ if (chroot (ch_root))
++ error ("chroot(\"%s\") failed: %s", ch_root, strerror (errno));
++ if (chdir("/"))
++ error ("chdir(\"/\") failed: %s", strerror (errno));
++ }
++ if (ch_dir) {
++ if (chdir (ch_dir))
++ error ("chdir(\"%s\") failed: %s", ch_dir, strerror (errno));
++ }
++ if (priority) {
++ errno = 0; /* see the nice(2) NOTES for why we do this */
++ if ((nice (priority) == -1) && (errno != 0))
++ error ("nice(%d) failed: %s", priority, strerror (errno));
++ }
+
+ execl (loginprog, loginprog, autologin? "-f" : "--", logname, NULL);
+ error ("%s: can't exec %s: %s", tty, loginprog, strerror (errno));
diff --git a/net-dialup/mingetty/mingetty-1.08-r1.ebuild b/net-dialup/mingetty/mingetty-1.08-r1.ebuild
new file mode 100644
index 000000000000..171a29938e12
--- /dev/null
+++ b/net-dialup/mingetty/mingetty-1.08-r1.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit toolchain-funcs eutils
+
+DESCRIPTION="A compact getty program for virtual consoles only"
+HOMEPAGE="http://sourceforge.net/projects/mingetty"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="unicode"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.08-check_chroot_chdir_nice.patch"
+)
+
+src_prepare() {
+ use unicode && eapply "${FILESDIR}"/${PN}-1.08-utf8.patch
+ default
+}
+
+src_compile() {
+ emake CFLAGS="${CFLAGS} -Wall -W -pipe -D_GNU_SOURCE" CC="$(tc-getCC)"
+}
+
+src_install () {
+ dodir /sbin /usr/share/man/man8
+ emake DESTDIR="${D}" install
+}