Hi, the problem is that HAVE_FCHOWN & others are missing from config.h.in. I've attached an update for 0002-CVE-2009-1299 which fixes this problem.
best, Torsten -- .: Torsten Marek .: http://shlomme.diotavelli.net .: tors...@diotavelli.net -- GnuPG: 1024D/A244C858
# From d3efa43d85ac132c6a5a416a2b6f2115f5d577ee Mon Sep 17 00:00:00 2001
# From: Kees Cook <k...@ubuntu.com>
# Date: Tue, 2 Mar 2010 21:33:34 -0800
# Subject: [PATCH] core-util: ensure that we chmod only the dir we ourselves created
diff --git a/configure.ac b/configure.ac
index 1b80788..abcce13 100644
--- a/configure.ac
+++ b/configure.ac
@@ -424,7 +424,7 @@ AC_CHECK_FUNCS_ONCE([lrintf strtof])
 AC_FUNC_FORK
 AC_FUNC_GETGROUPS
 AC_FUNC_SELECT_ARGTYPES
-AC_CHECK_FUNCS_ONCE([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
+AC_CHECK_FUNCS_ONCE([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
 getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
 pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
 sigaction sleep sysconf pthread_setaffinity_np])
diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
index d6017b9..a642553 100644
--- a/src/pulsecore/core-util.c
+++ b/src/pulsecore/core-util.c
@@ -199,7 +199,7 @@ void pa_make_fd_cloexec(int fd) {
 /** Creates a directory securely */
 int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
 struct stat st;
- int r, saved_errno;
+ int r, saved_errno, fd;
 pa_assert(dir);
@@ -217,16 +217,45 @@ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
 if (r < 0 && errno != EEXIST)
 return -1;
-#ifdef HAVE_CHOWN
+#ifdef HAVE_FSTAT
+ if ((fd = open(dir,
+#ifdef O_CLOEXEC
+ O_CLOEXEC|
+#endif
+#ifdef O_NOCTTY
+ O_NOCTTY|
+#endif
+#ifdef O_NOFOLLOW
+ O_NOFOLLOW|
+#endif
+ O_RDONLY)) < 0)
+ goto fail;
+
+ if (fstat(fd, &st) < 0) {
+ pa_assert_se(pa_close(fd) >= 0);
+ goto fail;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ pa_assert_se(pa_close(fd) >= 0);
+ errno = EEXIST;
+ goto fail;
+ }
+
+#ifdef HAVE_FCHOWN
 if (uid == (uid_t)-1)
 uid = getuid();
 if (gid == (gid_t)-1)
 gid = getgid();
- (void) chown(dir, uid, gid);
+ (void) fchown(fd, uid, gid);
+#endif
+
+#ifdef HAVE_FCHMOD
+ (void) fchmod(fd, m);
 #endif
-#ifdef HAVE_CHMOD
- chmod(dir, m);
+ pa_assert_se(pa_close(fd) >= 0);
+
 #endif
 #ifdef HAVE_LSTAT
--- a/config.h.in 2010-04-05 12:28:24.878676900 +0200
+++ b/config.h.in 2010-04-05 12:28:51.000000000 +0200
@@ -92,9 +92,18 @@
 /* Define to 1 if you have the <execinfo.h> header file. */
 #undef HAVE_EXECINFO_H
+/* Define to 1 if you have the `fchmod' function. */
+#undef HAVE_FCHMOD
+
+/* Define to 1 if you have the `fchown' function. */
+#undef HAVE_FCHOWN
+
 /* Define to 1 if you have the `fork' function. */
 #undef HAVE_FORK
+/* Define to 1 if you have the `fstat' function. */
+#undef HAVE_FSTAT
+
 /* Have gdbm? */
 #undef HAVE_GDBM
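Review bot: In the `@@ -217,16 +217,45 @@` hunk of core-util.c, the symlink protection of the new `open()` call rests on `O_NOFOLLOW`, which is only added under `#ifdef O_NOFOLLOW`. On a platform without that flag the open follows a symlink in the last path component, the `S_ISDIR(st.st_mode)` test still passes for the link target, and `fchown`/`fchmod` then act on a directory this function did not create. Where the flag is missing the code should fail closed rather than degrade silently, for example by taking `lstat(dir, &lst)` before the open and rejecting the path unless `S_ISDIR(lst.st_mode)` and `lst.st_dev == st.st_dev && lst.st_ino == st.st_ino` hold after the `fstat`. Adding `O_DIRECTORY|` under the same `#ifdef` pattern would also make the open fail on a non-directory instead of relying only on the later `S_ISDIR` check. The results of `fchown` and `fchmod` are cast to void; whether the `HAVE_LSTAT` block that follows detects a failure cannot be seen here, since the body of `pa_make_secure_dir` starts and ends outside the hunk.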