Carsten Munk
committed
Oct 4, 2011
0 parents
commit 1f9fe09
Showing
18 changed files
with
4,634 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
<attributes> | ||
<attribute namespace="Mer" name="MeeGoUpstreamRev"> | ||
<value>b5e2e1cba5dc881651114612526e96d6</value> | ||
</attribute> | ||
</attributes> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<package project="Mer:Trunk:Base" name="glibc"> | ||
<title>The GNU libc libraries</title> | ||
<description>The glibc package contains standard libraries which are used by | ||
multiple programs on the system. In order to save disk space and | ||
memory, as well as to make upgrading easier, common system code is | ||
kept in one place and shared between programs. This particular package | ||
contains the most important sets of shared libraries: the standard C | ||
library and the standard math library. Without these two libraries, a | ||
Linux system will not function. | ||
|
||
</description> | ||
<url>http://sources.redhat.com/glibc/</url> | ||
</package> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
2010-10-18 Andreas Schwab <schwab@redhat.com> | ||
|
||
* elf/dl-load.c (is_dst): Remove last parameter. | ||
(_dl_dst_count): Ignore $ORIGIN in privileged programs. | ||
(_dl_dst_substitute): Likewise. | ||
--- | ||
elf/dl-load.c | 30 +++++++++++++----------------- | ||
1 files changed, 13 insertions(+), 17 deletions(-) | ||
|
||
diff --git a/elf/dl-load.c b/elf/dl-load.c | ||
index a7162eb..776f7e4 100644 | ||
--- a/elf/dl-load.c | ||
+++ b/elf/dl-load.c | ||
@@ -169,8 +169,7 @@ local_strdup (const char *s) | ||
|
||
|
||
static size_t | ||
-is_dst (const char *start, const char *name, const char *str, | ||
- int is_path, int secure) | ||
+is_dst (const char *start, const char *name, const char *str, int is_path) | ||
{ | ||
size_t len; | ||
bool is_curly = false; | ||
@@ -199,11 +198,6 @@ is_dst (const char *start, const char *name, const char *str, | ||
&& (!is_path || name[len] != ':')) | ||
return 0; | ||
|
||
- if (__builtin_expect (secure, 0) | ||
- && ((name[len] != '\0' && (!is_path || name[len] != ':')) | ||
- || (name != start + 1 && (!is_path || name[-2] != ':')))) | ||
- return 0; | ||
- | ||
return len; | ||
} | ||
|
||
@@ -218,13 +212,12 @@ _dl_dst_count (const char *name, int is_path) | ||
{ | ||
size_t len; | ||
|
||
- /* $ORIGIN is not expanded for SUID/GUID programs (except if it | ||
- is $ORIGIN alone) and it must always appear first in path. */ | ||
+ /* $ORIGIN is not expanded for SUID/GUID programs. */ | ||
++name; | ||
- if ((len = is_dst (start, name, "ORIGIN", is_path, | ||
- INTUSE(__libc_enable_secure))) != 0 | ||
- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0 | ||
- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0) | ||
+ if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0 | ||
+ && !INTUSE(__libc_enable_secure)) | ||
+ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0 | ||
+ || (len = is_dst (start, name, "LIB", is_path)) != 0) | ||
++cnt; | ||
|
||
name = strchr (name + len, '$'); | ||
@@ -256,9 +249,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, | ||
size_t len; | ||
|
||
++name; | ||
- if ((len = is_dst (start, name, "ORIGIN", is_path, | ||
- INTUSE(__libc_enable_secure))) != 0) | ||
+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0) | ||
{ | ||
+ /* Ignore this path element in SUID/SGID programs. */ | ||
+ if (INTUSE(__libc_enable_secure)) | ||
+ repl = (const char *) -1; | ||
+ else | ||
#ifndef SHARED | ||
if (l == NULL) | ||
repl = _dl_get_origin (); | ||
@@ -266,9 +262,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, | ||
#endif | ||
repl = l->l_origin; | ||
} | ||
- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0) | ||
+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0) | ||
repl = GLRO(dl_platform); | ||
- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0) | ||
+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0) | ||
repl = DL_DST_LIB; | ||
|
||
if (repl != NULL && repl != (const char *) -1) | ||
|
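Review bot: `_dl_dst_count` and `_dl_dst_substitute` now disagree about `$ORIGIN` in a privileged process: the count skips the token because of `&& !INTUSE(__libc_enable_secure)`, while the substitution sets `repl = (const char *) -1` so that the whole path element is discarded. Any caller that treats a zero count as "nothing to substitute" and keeps the input string unchanged would retain the literal `$ORIGIN` text as a search path instead of dropping the element; the callers are not visible in this patch, so this needs checking. One option is to count the token regardless of secure mode, so that substitution always runs and removes the element. Separately, the new `else` placed directly before `#ifndef SHARED` binds to whichever statement survives preprocessing; braces around that branch would make the intent explicit.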
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,186 @@ | ||
From 47c3cd7a74e8c089d60d603afce6d9cf661178d6 Mon Sep 17 00:00:00 2001 | ||
From: Ulrich Drepper <drepper@gmail.com> | ||
Date: Sat, 7 May 2011 11:44:26 -0400 | ||
Subject: [PATCH] Allow $ORIGIN to reference trusted directoreis in SUID binaries. | ||
|
||
2011-05-07 Petr Baudis <pasky@suse.cz> | ||
Ulrich Drepper <drepper@gmail.com> | ||
|
||
[BZ #12393] | ||
* elf/dl-load.c (fillin_rpath): Move trusted path check... | ||
(is_trusted_path): ...to here. | ||
(is_norm_trusted_path): Add wrapper for /../ and /./ normalization. | ||
(_dl_dst_substitute): Verify expanded $ORIGIN path elements | ||
using is_norm_trusted_path() in setuid scripts. | ||
|
||
diff --git a/elf/dl-load.c b/elf/dl-load.c | ||
index 00ea465..f2773d5 100644 | ||
--- a/elf/dl-load.c | ||
+++ b/elf/dl-load.c | ||
@@ -168,6 +168,71 @@ local_strdup (const char *s) | ||
} | ||
|
||
|
||
+static bool | ||
+is_trusted_path (const char *path, size_t len) | ||
+{ | ||
+ /* All trusted directories must be complete names. */ | ||
+ if (path[0] != '/') | ||
+ return false; | ||
+ | ||
+ const char *trun = system_dirs; | ||
+ | ||
+ for (size_t idx = 0; idx < nsystem_dirs_len; ++idx) | ||
+ { | ||
+ if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0) | ||
+ /* Found it. */ | ||
+ return true; | ||
+ | ||
+ trun += system_dirs_len[idx] + 1; | ||
+ } | ||
+ | ||
+ return false; | ||
+} | ||
+ | ||
+ | ||
+static bool | ||
+is_trusted_path_normalize (const char *path, size_t len) | ||
+{ | ||
+ char *npath = (char *) alloca (len + 2); | ||
+ char *wnp = npath; | ||
+ | ||
+ while (*path != '\0') | ||
+ { | ||
+ if (path[0] == '/') | ||
+ { | ||
+ if (path[1] == '.') | ||
+ { | ||
+ if (path[2] == '.' && (path[3] == '/' || path[3] == '\0')) | ||
+ { | ||
+ while (wnp > npath && *--wnp != '/') | ||
+ ; | ||
+ path += 3; | ||
+ continue; | ||
+ } | ||
+ else if (path[2] == '/' || path[2] == '\0') | ||
+ { | ||
+ path += 2; | ||
+ continue; | ||
+ } | ||
+ } | ||
+ | ||
+ if (wnp > npath && wnp[-1] == '/') | ||
+ { | ||
+ ++path; | ||
+ continue; | ||
+ } | ||
+ } | ||
+ | ||
+ *wnp++ = *path++; | ||
+ } | ||
+ if (wnp > npath && wnp[-1] != '/') | ||
+ *wnp++ = '/'; | ||
+ *wnp = '\0'; | ||
+ | ||
+ return is_trusted_path (npath, wnp - npath); | ||
+} | ||
+ | ||
+ | ||
static size_t | ||
is_dst (const char *start, const char *name, const char *str, | ||
int is_path, int secure) | ||
@@ -240,13 +305,14 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, | ||
int is_path) | ||
{ | ||
const char *const start = name; | ||
- char *last_elem, *wp; | ||
|
||
/* Now fill the result path. While copying over the string we keep | ||
track of the start of the last path element. When we come accross | ||
a DST we copy over the value or (if the value is not available) | ||
leave the entire path element out. */ | ||
- last_elem = wp = result; | ||
+ char *wp = result; | ||
+ char *last_elem = result; | ||
+ bool check_for_trusted = false; | ||
|
||
do | ||
{ | ||
@@ -265,6 +331,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, | ||
else | ||
#endif | ||
repl = l->l_origin; | ||
+ | ||
+ check_for_trusted = (INTUSE(__libc_enable_secure) | ||
+ && l->l_type == lt_executable); | ||
} | ||
else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0) | ||
repl = GLRO(dl_platform); | ||
@@ -297,11 +366,29 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, | ||
{ | ||
*wp++ = *name++; | ||
if (is_path && *name == ':') | ||
- last_elem = wp; | ||
+ { | ||
+ /* In SUID/SGID programs, after $ORIGIN expansion the | ||
+ normalized path must be rooted in one of the trusted | ||
+ directories. */ | ||
+ if (__builtin_expect (check_for_trusted, false) | ||
+ && is_trusted_path_normalize (last_elem, wp - last_elem)) | ||
+ { | ||
+ wp = last_elem; | ||
+ check_for_trusted = false; | ||
+ } | ||
+ else | ||
+ last_elem = wp; | ||
+ } | ||
} | ||
} | ||
while (*name != '\0'); | ||
|
||
+ /* In SUID/SGID programs, after $ORIGIN expansion the normalized | ||
+ path must be rooted in one of the trusted directories. */ | ||
+ if (__builtin_expect (check_for_trusted, false) | ||
+ && is_trusted_path_normalize (last_elem, wp - last_elem)) | ||
+ wp = last_elem; | ||
+ | ||
*wp = '\0'; | ||
|
||
return result; | ||
@@ -411,33 +498,8 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, | ||
cp[len++] = '/'; | ||
|
||
/* Make sure we don't use untrusted directories if we run SUID. */ | ||
- if (__builtin_expect (check_trusted, 0)) | ||
- { | ||
- const char *trun = system_dirs; | ||
- size_t idx; | ||
- int unsecure = 1; | ||
- | ||
- /* All trusted directories must be complete names. */ | ||
- if (cp[0] == '/') | ||
- { | ||
- for (idx = 0; idx < nsystem_dirs_len; ++idx) | ||
- { | ||
- if (len == system_dirs_len[idx] | ||
- && memcmp (trun, cp, len) == 0) | ||
- { | ||
- /* Found it. */ | ||
- unsecure = 0; | ||
- break; | ||
- } | ||
- | ||
- trun += system_dirs_len[idx] + 1; | ||
- } | ||
- } | ||
- | ||
- if (unsecure) | ||
- /* Simply drop this directory. */ | ||
- continue; | ||
- } | ||
+ if (__builtin_expect (check_trusted, 0) && !is_trusted_path (cp, len)) | ||
+ continue; | ||
|
||
/* See if this directory is already known. */ | ||
for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next) | ||
|
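Review bot: The trusted-directory test in `_dl_dst_substitute` looks inverted. Both new call sites discard the element (`wp = last_elem`) when `is_trusted_path_normalize (last_elem, wp - last_elem)` returns true, although the comment above them says the expanded path must be rooted in a trusted directory, and `fillin_rpath` in the same patch drops a directory on `!is_trusted_path (cp, len)`. As written, a SUID/SGID executable would keep `$ORIGIN` elements that fail the check and lose the ones that pass; the condition should read `&& !is_trusted_path_normalize (last_elem, wp - last_elem))` in both places. `is_trusted_path_normalize` also sizes its `alloca` buffer from `len` but copies until `*path == '\0'`, and the caller has not yet written the terminator at `wp`, so the copy loop should be bounded by `len` as well.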
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
From e1fb097f447a89aa69a926e45e673a52d86a6c57 Mon Sep 17 00:00:00 2001 | ||
From: Ulrich Drepper <drepper@gmail.com> | ||
Date: Wed, 11 May 2011 23:37:25 -0400 | ||
Subject: [PATCH] Report write error in addmnt even for cached streams. | ||
|
||
2011-05-11 Ulrich Drepper <drepper@gmail.com> | ||
|
||
[BZ #12625] | ||
* misc/mntent_r.c (addmntent): Flush the stream after the output | ||
|
||
diff --git a/misc/mntent_r.c b/misc/mntent_r.c | ||
index 9598528..6959f0e 100644 | ||
--- a/misc/mntent_r.c | ||
+++ b/misc/mntent_r.c | ||
@@ -263,8 +263,8 @@ __addmntent (FILE *stream, const struct mntent *mnt) | ||
mntcopy.mnt_type, | ||
mntcopy.mnt_opts, | ||
mntcopy.mnt_freq, | ||
- mntcopy.mnt_passno) | ||
- < 0 ? 1 : 0); | ||
+ mntcopy.mnt_passno) < 0 | ||
+ || fflush (stream) != 0); | ||
} | ||
weak_alias (__addmntent, addmntent) |
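Review bot: The new `|| fflush (stream) != 0` has no comment saying why every entry is flushed, so a later reader could remove it as a needless cost. A one-line comment above the return, e.g. `/* Flush now so a failed write is reported by this call instead of staying hidden in the stream buffer.  */`, would record the reason given in the patch subject. The body of `__addmntent` starts outside the hunk, so whether earlier steps in the function also check stream errors is not visible here.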
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
From 8126d90480fa3e0c5c5cd0d02cb1c93174b45485 Mon Sep 17 00:00:00 2001 | ||
From: Ulrich Drepper <drepper@gmail.com> | ||
Date: Fri, 18 Mar 2011 05:29:20 -0400 | ||
Subject: [PATCH] Check size of pattern in wide character representation in fnmatch. | ||
|
||
2011-03-18 Ulrich Drepper <drepper@gmail.com> | ||
|
||
* posix/fnmatch.c (fnmatch): Check size of pattern in wide | ||
character representation. | ||
Partly based on a patch by Tomas Hoger <thoger@redhat.com>. | ||
diff --git a/posix/fnmatch.c b/posix/fnmatch.c | ||
index 0af5ee6..819a6a7 100644 | ||
--- a/posix/fnmatch.c | ||
+++ b/posix/fnmatch.c | ||
@@ -1,4 +1,4 @@ | ||
-/* Copyright (C) 1991,1992,1993,1996,1997,1998,1999,2000,2001,2002,2003,2007,2010 | ||
+/* Copyright (C) 1991,1992,1993,1996,1997,1998,1999,2000,2001,2002,2003,2007,2010,2011 | ||
Free Software Foundation, Inc. | ||
This file is part of the GNU C Library. | ||
|
||
@@ -375,6 +375,11 @@ fnmatch (pattern, string, flags) | ||
XXX Do we have to set `errno' to something which mbsrtows hasn't | ||
already done? */ | ||
return -1; | ||
+ if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0)) | ||
+ { | ||
+ __set_errno (ENOMEM); | ||
+ return -2; | ||
+ } | ||
wpattern_malloc = wpattern | ||
= (wchar_t *) malloc ((n + 1) * sizeof (wchar_t)); | ||
assert (mbsinit (&ps)); | ||
@@ -419,6 +424,12 @@ fnmatch (pattern, string, flags) | ||
XXX Do we have to set `errno' to something which mbsrtows hasn't | ||
already done? */ | ||
goto free_return; | ||
+ if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0)) | ||
+ { | ||
+ free (wpattern_malloc); | ||
+ __set_errno (ENOMEM); | ||
+ return -2; | ||
+ } | ||
|
||
wstring_malloc = wstring | ||
= (wchar_t *) malloc ((n + 1) * sizeof (wchar_t)); | ||
|
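Review bot: The second overflow guard cleans up by hand (`free (wpattern_malloc); __set_errno (ENOMEM); return -2;`) immediately after the existing error path uses `goto free_return;`, so the function now has two ways of releasing `wpattern_malloc`. If the label cannot return -2 (it lies outside the hunk), a short comment such as `/* Not free_return: this path must return -2.  */` would explain the difference; otherwise the new path should go through the label. The body of `fnmatch` extends beyond both hunks, so the handling of a NULL result from the following `malloc` calls cannot be confirmed from here.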
Binary file not shown.