* [Buildroot] [PATCH 1/1] package/libcgroup: fix CVE-2018-14348
@ 2020-02-29 22:30 Fabrice Fontaine
2020-03-01 7:42 ` Yann E. MORIN
2020-03-14 18:21 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-02-29 22:30 UTC
To: buildroot
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
regardless of the configured umask, leading to disclosure of information

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
.../0001-cgrulesengd-remove-umask-0.patch | 33 +++++++++++++++++++
package/libcgroup/libcgroup.mk | 3 ++
2 files changed, 36 insertions(+)
create mode 100644 package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
diff --git a/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
new file mode 100644
index 0000000000..1d9077a2d6
--- /dev/null
+++ b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
@@ -0,0 +1,33 @@
+From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001
+From: Michal Hocko <mhocko@suse.com>
+Date: Wed, 18 Jul 2018 11:24:29 +0200
+Subject: [PATCH] cgrulesengd: remove umask(0)
+
+One of our partners has noticed that cgred daemon is creating a log file
+(/var/log/cgred) with too wide permissions (0666) and that is seen as
+a security bug because an untrusted user can write to otherwise
+restricted area. CVE-2018-14348 has been assigned to this issue.
+
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Acked-by: Balbir Singh <bsingharora@gmail.com>
+[Retrieved from:
+https://github.com/libcgroup/libcgroup/commit/0d88b73d189ea3440ccaab00418d6469f76fa590]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ src/daemon/cgrulesengd.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
+index ea51f11..0d288f3 100644
+--- a/src/daemon/cgrulesengd.c
++++ b/src/daemon/cgrulesengd.c
+@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
+ } else if (pid > 0) {
+ exit(EXIT_SUCCESS);
+ }
+-
+- /* Change the file mode mask. */
+- umask(0);
+ } else {
+ flog(LOG_DEBUG, "Not using daemon mode\n");
+ pid = getpid();
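Review bot: With the three removed lines gone from the daemon branch of cgre_start_daemon(), nothing in this hunk sets a file mode mask at all, so the mode of /var/log/cgred now depends entirely on the umask the daemon inherits from whatever starts cgrulesengd on the target. Consider checking that the launcher runs with a restrictive umask, and note that a log file already created with mode 0666 on a deployed system keeps that mode until it is removed or chmod'ed, because this change only affects newly created files.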
diff --git a/package/libcgroup/libcgroup.mk b/package/libcgroup/libcgroup.mk
index 3845627d48..a26d5f2ddf 100644
--- a/package/libcgroup/libcgroup.mk
+++ b/package/libcgroup/libcgroup.mk
@@ -12,6 +12,9 @@ LIBCGROUP_LICENSE_FILES = COPYING
LIBCGROUP_DEPENDENCIES = host-bison host-flex
LIBCGROUP_INSTALL_STAGING = YES
+# 0001-cgrulesengd-remove-umask-0.patch
+LIBCGROUP_IGNORE_CVES += CVE-2018-14348
+
# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
# large file support. See https://bugzilla.redhat.com/show_bug.cgi?id=574992
# for more information.
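Review bot: The comment above LIBCGROUP_IGNORE_CVES names the patch file but does not say when the entry can be removed. Since the commit message scopes the issue to libcgroup up to and including 0.41, consider stating in the comment that 0001-cgrulesengd-remove-umask-0.patch and the IGNORE_CVES line must be dropped together when the package is bumped past 0.41, so that the ignore entry never outlives the patch that justifies it.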
--
2.25.0
* [Buildroot] [PATCH 1/1] package/libcgroup: fix CVE-2018-14348
From: Yann E. MORIN @ 2020-03-01 7:42 UTC
To: buildroot
Fabrice, All,
On 2020-02-29 23:30 +0100, Fabrice Fontaine spake thusly:
> libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
> regardless of the configured umask, leading to disclosure of information
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> .../0001-cgrulesengd-remove-umask-0.patch | 33 +++++++++++++++++++
> package/libcgroup/libcgroup.mk | 3 ++
> 2 files changed, 36 insertions(+)
> create mode 100644 package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
>
> diff --git a/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> new file mode 100644
> index 0000000000..1d9077a2d6
> --- /dev/null
> +++ b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> @@ -0,0 +1,33 @@
> +From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001
> +From: Michal Hocko <mhocko@suse.com>
> +Date: Wed, 18 Jul 2018 11:24:29 +0200
> +Subject: [PATCH] cgrulesengd: remove umask(0)
> +
> +One of our partners has noticed that cgred daemon is creating a log file
> +(/var/log/cgred) with too wide permissions (0666) and that is seen as
> +a security bug because an untrusted user can write to otherwise
> +restricted area. CVE-2018-14348 has been assigned to this issue.
> +
> +Signed-off-by: Michal Hocko <mhocko@suse.com>
> +Acked-by: Balbir Singh <bsingharora@gmail.com>
> +[Retrieved from:
> +https://github.com/libcgroup/libcgroup/commit/0d88b73d189ea3440ccaab00418d6469f76fa590]
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +---
> + src/daemon/cgrulesengd.c | 3 ---
> + 1 file changed, 3 deletions(-)
> +
> +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
> +index ea51f11..0d288f3 100644
> +--- a/src/daemon/cgrulesengd.c
> ++++ b/src/daemon/cgrulesengd.c
> +@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
> + } else if (pid > 0) {
> + exit(EXIT_SUCCESS);
> + }
> +-
> +- /* Change the file mode mask. */
> +- umask(0);
> + } else {
> + flog(LOG_DEBUG, "Not using daemon mode\n");
> + pid = getpid();
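Review bot: The impact stated in the embedded upstream commit message in this hunk (an untrusted user can write to an otherwise restricted area) does not match the Buildroot commit message, which only mentions disclosure of information. Mode 0666 grants both read and write access to every user, so consider naming both effects in the Buildroot commit message so that the two descriptions agree.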
> diff --git a/package/libcgroup/libcgroup.mk b/package/libcgroup/libcgroup.mk
> index 3845627d48..a26d5f2ddf 100644
> --- a/package/libcgroup/libcgroup.mk
> +++ b/package/libcgroup/libcgroup.mk
> @@ -12,6 +12,9 @@ LIBCGROUP_LICENSE_FILES = COPYING
> LIBCGROUP_DEPENDENCIES = host-bison host-flex
> LIBCGROUP_INSTALL_STAGING = YES
>
> +# 0001-cgrulesengd-remove-umask-0.patch
> +LIBCGROUP_IGNORE_CVES += CVE-2018-14348
> +
> # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
> # large file support. See https://bugzilla.redhat.com/show_bug.cgi?id=574992
> # for more information.
> --
> 2.25.0
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
* [Buildroot] [PATCH 1/1] package/libcgroup: fix CVE-2018-14348
From: Peter Korsgaard @ 2020-03-14 18:21 UTC
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
> regardless of the configured umask, leading to disclosure of information
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard