Sat Dec 15 09:26:07 2012 UTC ()
Fix CVE-2011-4028: File disclosure vulnerability.
Use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoiding revealing whether one points to an existing
file. Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Fix CVE-2011-4029: File permission change vulnerability.
Use fchmod() to change permissions of the lock file instead of
chmod(), thus avoid the race that can be exploited to set a symbolic
link to any file or directory in the system. Signed-off-by: Matthieu
Herrb <matthieu.herrb@laas.fr> Reviewed-by: Alan Coopersmith
<alan.coopersmith@oracle.com>


(is)
diff -r1.72 -r1.73 pkgsrc/x11/modular-xorg-server/Makefile
diff -r1.46 -r1.47 pkgsrc/x11/modular-xorg-server/distinfo
diff -r0 -r1.1 pkgsrc/x11/modular-xorg-server/patches/patch-os_utils.c

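--- a/pkgsrc/x11/modular-xorg-server/Makefile
+++ b/pkgsrc/x11/modular-xorg-server/Makefile
@@ -1,19 +1,19 @@
-# $NetBSD: Makefile,v 1.72 2012/10/29 05:06:40 asau Exp $
+# $NetBSD: Makefile,v 1.73 2012/12/15 09:26:07 is Exp $
 #
 
 DISTNAME= xorg-server-1.6.5
 PKGNAME= modular-${DISTNAME}
-PKGREVISION= 13
+PKGREVISION= 14
 CATEGORIES= x11
 MASTER_SITES= ${MASTER_SITE_XORG:=xserver/}
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://xorg.freedesktop.org/
 COMMENT= Modular X11 server from modular X.org
 
 SPECIAL_PERMS+= bin/Xorg ${SETUID_ROOT_PERMS}
 
 GNU_CONFIGURE= yes
 USE_LIBTOOL= yes
 USE_TOOLS+= gmake pkg-config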

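--- a/pkgsrc/x11/modular-xorg-server/distinfo
+++ b/pkgsrc/x11/modular-xorg-server/distinfo
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.46 2012/05/04 16:40:01 joerg Exp $
+$NetBSD: distinfo,v 1.47 2012/12/15 09:26:07 is Exp $
 
 SHA1 (xorg-server-1.6.5.tar.bz2) = c57c80dd15d3ca492e58ae993b9015d085ec6ea6
 RMD160 (xorg-server-1.6.5.tar.bz2) = 702970358a5643dbc9205f42e39c5b8ed2ff845a
 Size (xorg-server-1.6.5.tar.bz2) = 4678406 bytes
 SHA1 (patch-ab) = c65457bf58b7504375b31512c743c9f1a5dcdde0
 SHA1 (patch-ac) = fdc115fad11cddcc77e3aee4d6992b6e7c6fbf32
 SHA1 (patch-af) = 722d4679d3386c9a02e1c45a1aa355658ccc2908
 SHA1 (patch-aj) = 84ff5c6215d0b62734cf26e78394a70afe2b7007
 SHA1 (patch-ak) = df6d3b2172254e1f9d44eb40144cad5ed29a7d1d
 SHA1 (patch-al) = cb1fb44037f23fb2838ed36aaf2591946264fe53
 SHA1 (patch-am) = be278e6044dfa37b108d2544c82b84f36b6ca9d7
 SHA1 (patch-ba) = b758aab64fcba81ba33b7c425db6430757b2fd4b
 SHA1 (patch-bb) = 1e8ca63c07b22424d0bf379dd98e032f41eabc0e
@@ -16,20 +16,21 @@ SHA1 (patch-bc) = f1ab56e8876ddc6bc0fe94
 SHA1 (patch-bd) = 01abcfe981c5d7d8aa20ca80e6a55cecc5e0daad
 SHA1 (patch-be) = 29d24b313707689c390eb4d3b0f0afe7799944df
 SHA1 (patch-bf) = fe74060e662e39accc285026b7eb0a7fd87e698e
 SHA1 (patch-bg) = 6e44664941585390c32b5f6cc1fdc93447228b09
 SHA1 (patch-bh) = 51074592a06a84a049a4e2bc994471491e2e202c
 SHA1 (patch-bi) = 52012af9c4bd2dab0e9d96cb1692a5e342737748
 SHA1 (patch-bj) = 3bea92151311028e9eeeacd441b1855a0d5f6867
 SHA1 (patch-bk) = 293aba14c63bfd4c8cf282c4a1cca40f76f6634a
 SHA1 (patch-bl) = 42fb973bd4a22bbe6c441159f1edcaf7c04f0d27
 SHA1 (patch-bm) = 9c7192eb98816165d8fb16af465e0056045280b2
 SHA1 (patch-bn) = 27dffea8ce05ac79fd438818fba463f57776f2af
 SHA1 (patch-bo) = ee05a01c6b1d4d0b759d8372f16c5f752273f73e
 SHA1 (patch-configure) = 031bc0accf1dd71ed687e7aac3fcc9498cb06784
+SHA1 (patch-os_utils.c) = 949384a74c5702c863dea7387bfe18952c92b239
 SHA1 (patch-sa) = 349bad3f5f7e6bc3b7d37ab37fb6d2a0e6f4d7f0
 SHA1 (patch-sb) = 48c22a62b30c6bc4d5786624bc264fee30a9bb81
 SHA1 (patch-sc) = dd93e15253b78395050d65df0f972e57ccf546e0
 SHA1 (patch-sd) = 36d3946217b57416e8d0d3099e48d4e9f957c881
 SHA1 (patch-se) = 22b20c734b7fcf59d75227aeb1fa703465582568
 SHA1 (patch-sf) = 22d4f575c066691696ec96f1fcd459251b662012
 SHA1 (patch-sg) = 81598e687357a6e8b477055d14ece01372ae4617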

File Added: pkgsrc/x11/modular-xorg-server/patches/Attic/patch-os_utils.c
$NetBSD: patch-os_utils.c,v 1.1 2012/12/15 09:26:07 is Exp $

--- os/utils.c.orig	2009-10-12 02:52:40.000000000 +0000
+++ os/utils.c
@@ -315,7 +315,7 @@ LockServer(void)
     FatalError("Could not create lock file in %s\n", tmp);
   (void) sprintf(pid_str, "%10ld\n", (long)getpid());
   (void) write(lfd, pid_str, 11);
-  (void) chmod(tmp, 0444);
+  (void) fchmod(lfd, 0444);
   (void) close(lfd);
 
   /*
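Review bot: The result of `fchmod(lfd, 0444)` is cast away, like the `write()` on the line before it, so a failed mode change or a short write goes unnoticed and the temporary lock file is carried forward with whatever mode and contents it ended up with. Working on the descriptor removes the second path lookup that `chmod(tmp, 0444)` performed, but the fix is only as strong as the open of `tmp`, which sits above this hunk and is not visible here. I would make the failure fatal, reusing the message already in the hunk: `if (fchmod(lfd, 0444) < 0) FatalError("Could not create lock file in %s\n", tmp);`, and compare the `write()` result with 11 in the same way. LockServer() starts above and continues below the hunk.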
@@ -336,7 +336,7 @@ LockServer(void)
       /*
        * Read the pid from the existing file
        */
-      lfd = open(LockFile, O_RDONLY);
+      lfd = open(LockFile, O_RDONLY|O_NOFOLLOW);
       if (lfd < 0) {
         unlink(tmp);
         FatalError("Can't read lock file %s\n", LockFile);
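Review bot: `O_NOFOLLOW` on the `open(LockFile, ...)` call only refuses a symbolic link in the final path component; it does not establish that the object opened is a regular file, so the read that follows (outside this hunk) still trusts whatever else sits at that path. After the open I would add an `fstat()` check, `if (fstat(lfd, &st) < 0 || !S_ISREG(st.st_mode))`, and take the same `unlink(tmp)` / `FatalError` path as the existing failure branch. The failure message is also unchanged for a refused link; appending `strerror(errno)` to it would let an administrator tell a rejected symlink from an ordinary read error. LockServer() begins above and ends below the hunk.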