diff options
Diffstat (limited to 'poky/meta/recipes-core/libcgroup')
-rw-r--r-- | poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch | 37 | ||||
-rw-r--r-- | poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb | 3 |
2 files changed, 39 insertions, 1 deletions
diff --git a/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch b/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch new file mode 100644 index 000000000..d133703de --- /dev/null +++ b/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch @@ -0,0 +1,37 @@ +From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001 +From: Michal Hocko <mhocko@suse.com> +Date: Wed, 18 Jul 2018 11:24:29 +0200 +Subject: [PATCH] cgrulesengd: remove umask(0) + +One of our partners has noticed that cgred daemon is creating a log file +(/var/log/cgred) with too wide permissions (0666) and that is seen as +a security bug because an untrusted user can write to otherwise +restricted area. CVE-2018-14348 has been assigned to this issue. + +CVE: CVE-2018-14348 +Upstream-Status: Backport [https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590] + +Signed-off-by: Michal Hocko <mhocko@suse.com> +Acked-by: Balbir Singh <bsingharora@gmail.com> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/daemon/cgrulesengd.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c +index ea51f11..0d288f3 100644 +--- a/src/daemon/cgrulesengd.c ++++ b/src/daemon/cgrulesengd.c +@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf, + } else if (pid > 0) { + exit(EXIT_SUCCESS); + } +- +- /* Change the file mode mask. */ +- umask(0); + } else { + flog(LOG_DEBUG, "Not using daemon mode\n"); + pid = getpid(); +-- +2.13.3 + diff --git a/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb b/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb index 7ddc81e9b..92d7261b0 100644 --- a/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb +++ b/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb @@ -11,7 +11,8 @@ inherit autotools pkgconfig DEPENDS = "bison-native flex-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2 \ + file://CVE-2018-14348.patch" SRC_URI_append_libc-musl = " file://musl-decls-compat.patch" SRC_URI[md5sum] = "3dea9d50b8a5b73ff0bf1cdcb210f63f" |