logrotate: fix for CVE-2011-1548
If a logfile is a symlink, it may be read when being compressed, being copied (copy, copytruncate) or mailed. Secure data (eg. password files) may be exposed. Portback nofollow.patch from: http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz (From OE-Core rev: d0e3fc1b28fc16200adbe690aa27124041036ba3) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
b8043be915
commit
bac191afc6
|
@ -0,0 +1,43 @@
|
||||||
|
Upstream-Status: Backport
|
||||||
|
|
||||||
|
logrotate: fix for CVE-2011-1548
|
||||||
|
|
||||||
|
If a logfile is a symlink, it may be read when being compressed, being
|
||||||
|
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
|
||||||
|
may be exposed.
|
||||||
|
|
||||||
|
Portback nofollow.patch from:
|
||||||
|
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
|
||||||
|
|
||||||
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
|
||||||
|
|
||||||
|
---
|
||||||
|
--- a/logrotate.c 2012-09-06 13:25:08.000000000 +0800
|
||||||
|
+++ b/logrotate.c 2012-09-06 13:35:57.000000000 +0800
|
||||||
|
@@ -390,7 +390,7 @@
|
||||||
|
compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
|
||||||
|
sprintf(compressedName, "%s%s", name, log->compress_ext);
|
||||||
|
|
||||||
|
- if ((inFile = open(name, O_RDWR)) < 0) {
|
||||||
|
+ if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) {
|
||||||
|
message(MESS_ERROR, "unable to open %s for compression\n", name);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
@@ -470,7 +470,7 @@
|
||||||
|
char *mailArgv[] = { mailCommand, "-s", subject, address, NULL };
|
||||||
|
int rc = 0;
|
||||||
|
|
||||||
|
- if ((mailInput = open(logFile, O_RDONLY)) < 0) {
|
||||||
|
+ if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) {
|
||||||
|
message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile,
|
||||||
|
strerror(errno));
|
||||||
|
return 1;
|
||||||
|
@@ -561,7 +561,7 @@
|
||||||
|
message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog);
|
||||||
|
|
||||||
|
if (!debug) {
|
||||||
|
- if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) {
|
||||||
|
+ if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) {
|
||||||
|
message(MESS_ERROR, "error opening %s: %s\n", currLog,
|
||||||
|
strerror(errno));
|
||||||
|
return 1;
|
|
@ -12,6 +12,7 @@ SRC_URI = "https://fedorahosted.org/releases/l/o/logrotate/logrotate-${PV}.tar.g
|
||||||
file://act-as-mv-when-rotate.patch \
|
file://act-as-mv-when-rotate.patch \
|
||||||
file://disable-check-different-filesystems.patch \
|
file://disable-check-different-filesystems.patch \
|
||||||
file://update-the-manual.patch \
|
file://update-the-manual.patch \
|
||||||
|
file://logrotate-CVE-2011-1548.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5"
|
SRC_URI[md5sum] = "bd2e20d8dc644291b08f9215397d28a5"
|
||||||
|
|
Loading…
Reference in New Issue