Hello community,

here is the log from the commit of package libgnomesu for openSUSE:11.4
checked in at Mon Jun 20 18:09:14 CEST 2011.



--------
--- old-versions/11.4/all/libgnomesu/libgnomesu.changes 2011-02-15 
12:46:00.000000000 +0100
+++ 11.4/libgnomesu/libgnomesu.changes  2011-06-17 17:46:21.000000000 +0200
@@ -1,0 +2,7 @@
+Mon May 30 10:34:59 CEST 2011 - [email protected]
+
+- Add libgnomesu-check-setuid-retval.patch: really handle return
+  value of the setuid() call, to avoid a root exploit if it fails
+  because of rlimits. Fix bnc#695627 and CVE-2011-1946.
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/libgnomesu
Destination is old-versions/11.4/UPDATES/all/libgnomesu
calling whatdependson for 11.4-i586


New:
----
  libgnomesu-check-setuid-retval.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libgnomesu.spec ++++++
--- /var/tmp/diff_new_pack.o1V1ON/_old  2011-06-20 18:08:51.000000000 +0200
+++ /var/tmp/diff_new_pack.o1V1ON/_new  2011-06-20 18:08:51.000000000 +0200
@@ -19,7 +19,7 @@
 
 Name:           libgnomesu
 Version:        1.0.0
-Release:        329.<RELEASE3>
+Release:        329.<RELEASE334>
 License:        LGPLv2.1+
 Summary:        GNOME su Library
 Url:            http://members.chello.nl/~h.lai/libgnomesu/
@@ -60,6 +60,8 @@
 Patch16:        libgnomesu-use-pam_xauth.patch
 # PATCH-FIX-UPSTREAM libgnomesu-reorder-pam-init.patch [email protected] -- 
Do commands in the same order as in coreutils/su.c in pam backend
 Patch17:        libgnomesu-reorder-pam-init.patch
+# PATCH-FIX-UPSTREAM libgnomesu-check-setuid-retval.patch bnc#695627 
CVE-2011-1946 [email protected] -- Really handle return value of setuid()
+Patch18:        libgnomesu-check-setuid-retval.patch
 BuildRequires:  fdupes
 BuildRequires:  gconf2-devel
 BuildRequires:  gtk2-devel
@@ -121,6 +123,7 @@
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
 cp -a %{S:1} pam-backend/gnomesu-pam
 # Upstream is dead, libgnomesu.po in LCN includes strings in our patches:
 translation-update-upstream

++++++ libgnomesu-check-setuid-retval.patch ++++++
Index: libgnomesu-1.0.0/pam-backend/pam.c
===================================================================
--- libgnomesu-1.0.0.orig/pam-backend/pam.c
+++ libgnomesu-1.0.0/pam-backend/pam.c
@@ -338,7 +338,15 @@ main (int argc, char *argv[])
                #ifdef HAVE_SETFSUID
                setfsuid (pw->pw_uid);
                #endif /* HAVE_SETFSUID */
-               change_identity (pw);
+
+               if (change_identity (pw)) {
+                       pam_close_session (pamh, 0);
+                       if (setcred)
+                               pam_setcred (pamh, PAM_DELETE_CRED | 
PAM_SILENT);
+                       close_pam (pamh, retval);
+                       fprintf (outf, PROTOCOL_ERROR);
+                       return 1;
+               }
 
                modify_environment (pw);
 
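Review bot: The new failure branch after `change_identity (pw)` carries no comment explaining why it must abort, even though this is the check that closes CVE-2011-1946. I would add above the `if`: `/* setuid()/setgid() can fail (e.g. on resource limits); never continue with root privileges */`. Separately, `close_pam (pamh, retval)` passes a `retval` that is assigned outside this hunk. If it still holds the status of the last successful PAM call, the PAM transaction is ended with a success status on an aborted session, so it is worth confirming which value reaches it here. main() starts and ends outside the hunk.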
Index: libgnomesu-1.0.0/su-backend/common.c
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/common.c
+++ libgnomesu-1.0.0/su-backend/common.c
@@ -232,13 +232,20 @@ init_groups (const struct passwd *pw)
 #endif
 }
 
-void
+int
 change_identity (const struct passwd *pw)
 {
-       if (setgid (pw->pw_gid))
+       if (setgid (pw->pw_gid)) {
                perror ("cannot set group id");
-       if (setuid (pw->pw_uid))
+               return -1;
+       }
+
+       if (setuid (pw->pw_uid)) {
                perror ("cannot set user id");
+               return -1;
+       }
+
+       return 0;
 }
 
 void
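Review bot: Nothing forces a caller to look at the new `int` result of `change_identity`, and an ignored result is exactly the failure mode this patch fixes at its two call sites. If the project builds with GCC or Clang, declaring the prototype in common.h as `int change_identity (const struct passwd *pw) __attribute__ ((warn_unused_result));` makes the compiler warn on any future unchecked call. A header comment on the definition would record the contract, for example `/* Returns 0 on success, -1 if setgid() or setuid() failed (reason printed via perror); callers must abort on failure. */`.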
Index: libgnomesu-1.0.0/su-backend/su.c
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/su.c
+++ libgnomesu-1.0.0/su-backend/su.c
@@ -323,7 +323,12 @@ main (int argc, char **argv)
   init_xauth (pw);
   modify_environment (pw);
   init_groups (pw);
-  change_identity (pw);
+
+  if (change_identity (pw)) {
+         fprintf (outf, PROTOCOL_ERROR);
+         return 1;
+  }
+
   setup_xauth (pw);
 
   fprintf (outf, PROTOCOL_DONE);
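Review bot: `init_groups (pw)`, just above the new check, is still called without a result, and common.h keeps it declared `void`, so a failure while setting supplementary groups cannot stop the identity switch the way a `setuid()` failure now does. Its body is outside these hunks, so whether it can fail silently is an inference. If it wraps `initgroups()` or `setgroups()`, the command could run as the target user with the supplementary groups the process started with. I would give it an `int` return like `change_identity` and test both, e.g. `if (init_groups (pw) || change_identity (pw)) {`. main() extends beyond the hunk, and the pam.c path deserves the same check if it also calls init_groups.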
Index: libgnomesu-1.0.0/su-backend/common.h
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/common.h
+++ libgnomesu-1.0.0/su-backend/common.h
@@ -31,7 +31,7 @@ void xputenv (const char *val);
 void init_xauth (const struct passwd *pw);
 void setup_xauth (const struct passwd *pw);
 void init_groups (const struct passwd *pw);
-void change_identity (const struct passwd *pw);
+int  change_identity (const struct passwd *pw);
 void modify_environment (const struct passwd *pw);
 void *safe_memset (void *s, int c, size_t n);
 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
