On 8/1/07, Steve Kemp <[EMAIL PROTECTED]> wrote:
>   That'll need fixing up to call 'adduser' instead of the enewuser
>  in the postinst script.
>
>   If you could send us the patch you use for sid I'll upload a fixed
>  version for Etch.

Hi,

Another patch is attached which adds the user festival. I want the
team to review it before I ping my sponsor to upload the package.

Thanks,
-- 
 --------------------------------------------------------
 Kartik Mistry  | Eng: kartikmistry.org/blog
 0xD1028C8D | Guj: kartikm.wordpress.com
 --------------------------------------------------------
diff -u festival-1.4.3-orig/debian/changelog festival-1.4.3/debian/changelog
--- festival-1.4.3-orig/debian/changelog	2007-08-01 23:20:08.000000000 +0530
+++ festival-1.4.3/debian/changelog	2007-08-01 23:26:21.000000000 +0530
@@ -1,3 +1,13 @@
+festival (1.4.3-21) unstable; urgency=medium
+
+  * debian/festival.init: fixed CVE-2007-4074: priviledge escalation
+    (Closes: #435445)
+  * debian/festival.postinst: we are adding festival user instead of giving
+    access to nobody, see bug 435445
+  * debian/control: added adduser to depends as we are using it for postinst
+
+ -- Kartik Mistry <[EMAIL PROTECTED]>  Wed, 1 Aug 2007 15:07:29 +0530
+
 festival (1.4.3-20) unstable; urgency=low
 
   * debian/control: Added file-rc along with sysv-rc in Depends for systems
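Review bot: The new changelog entry lists "debian/control: added adduser to depends", but this patch carries no hunk for debian/control, so the dependency that the postinst's addgroup/adduser calls rely on cannot be checked here; please include that change in the diff. Also, "priviledge" in the first bullet should be spelled "privilege".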
diff -u festival-1.4.3-orig/debian/festival.init festival-1.4.3/debian/festival.init
--- festival-1.4.3-orig/debian/festival.init	2007-08-01 23:21:40.000000000 +0530
+++ festival-1.4.3/debian/festival.init	2007-08-01 23:15:03.000000000 +0530
@@ -40,7 +40,7 @@
 case "$1" in
   start)
     log_daemon_msg "Starting Festival server" "$NAME"
-    start-stop-daemon --start --chuid nobody:audio --background \
+    start-stop-daemon --start --chuid festival --background \
                       --exec $DAEMON -- --server
     log_end_msg 0
     ;;
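Review bot: In the start branch, `--chuid festival` drops the `audio` group that `nobody:audio` supplied, and the postinst in this patch creates the festival user with `--ingroup festival` only. If the server needs the audio group to reach the sound device, either keep the group here (`--chuid festival:audio`) or add the festival user to the audio group in the postinst.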
@@ -52,7 +52,7 @@
   restart|reload|force-reload)
     log_daemon_msg "Restarting Festival server" "$NAME"
     start-stop-daemon --stop --oknodo --exec $REALPROC
-    start-stop-daemon --start --chuid nobody:audio --background \
+    start-stop-daemon --start --chuid festival --background \
                       --exec $DAEMON -- --server
     log_end_msg 0
     ;;
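Review bot: The restart branch repeats the start branch's start-stop-daemon command, so the account name is now hard-coded in two places. Consider defining it once near the top of the script, alongside $DAEMON and $NAME, and using that variable in both branches; whatever is decided about the audio group for the start branch has to be applied here as well.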
diff -u festival-1.4.3-orig/debian/festival.postinst festival-1.4.3/debian/festival.postinst
--- festival-1.4.3-orig/debian/festival.postinst	2007-08-01 23:22:00.000000000 +0530
+++ festival-1.4.3/debian/festival.postinst	2007-08-01 23:15:03.000000000 +0530
@@ -7,4 +7,14 @@
        rm -f /etc/rc0.d/K20festival /etc/rc6.d/K20festival
 fi
 
+# Create festival group if it doesn't already exist.
+if ! getent group festival >/dev/null; then
+       addgroup --quiet --system festival
+fi
+
+# Create festival user if it doesn't already exist.
+if ! getent passwd festival >/dev/null; then
+       adduser festival --quiet --system --ingroup festival --no-create-home
+fi
+
 #DEBHELPER#
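Review bot: The separate group and user blocks can be a single call, since `adduser --quiet --system --group --no-create-home festival` creates the system user together with a group of the same name, leaving one getent check instead of two. The visible context also does not show these blocks being limited to the `configure` invocation of the postinst; if the script has no such guard above line 7, consider adding one.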
