CVE-2009-4135 : Unsafe temporary directory use in distcheck rule

2009-12-11 18:38:30 +00:00 · 2009-12-11 18:38:30 +00:00 · 851fdcd87c
parent 84ce36b59c
commit 851fdcd87c
2 changed files with 73 additions and 1 deletions
--- a/coreutils-CVE-2009-4135.patch
+++ b/coreutils-CVE-2009-4135.patch
@ -0,0 +1,67 @@
+diff -urNp coreutils-7.6-orig/dist-check.mk coreutils-7.6/dist-check.mk
+--- coreutils-7.6-orig/dist-check.mk	2009-09-01 13:01:16.000000000 +0200
+++ coreutils-7.6/dist-check.mk	2009-12-11 19:25:01.231452251 +0100
+@@ -4,14 +4,14 @@ bin=bin-$$$$
+ 
+ write_loser = printf '\#!%s\necho $$0: bad path 1>&2; exit 1\n' '$(SHELL)'
+ 
+-TMPDIR ?= /tmp
+-t=$(TMPDIR)/$(PACKAGE)/test
+tmpdir = $(abs_top_builddir)/tests/torture
+t=$(tmpdir)/$(PACKAGE)/test
+ pfx=$(t)/i
+ 
+ # More than once, tainted build and source directory names would
+ # have caused at least one "make check" test to apply "chmod 700"
+ # to all directories under $HOME.  Make sure it doesn't happen again.
+-tp := $(shell echo "$(TMPDIR)/$(PACKAGE)-$$$$")
+tp = $(tmpdir)/taint
+ t_prefix = $(tp)/a
+ t_taint = '$(t_prefix) b'
+ fake_home = $(tp)/home
+@@ -30,10 +30,11 @@ taint-distcheck: $(DIST_ARCHIVES)
+ 	touch $(fake_home)/f
+ 	mkdir -p $(fake_home)/d/e
+ 	ls -lR $(fake_home) $(t_prefix) > $(tp)/.ls-before
+	HOME=$(fake_home); export HOME;			\
+ 	cd $(t_taint)/$(distdir)			\
+ 	  && ./configure				\
+ 	  && $(MAKE)					\
+-	  && HOME=$(fake_home) $(MAKE) check		\
+	  && $(MAKE) check				\
+ 	  && ls -lR $(fake_home) $(t_prefix) > $(tp)/.ls-after \
+ 	  && diff $(tp)/.ls-before $(tp)/.ls-after	\
+ 	  && test -d $(t_prefix)
+@@ -52,6 +53,7 @@ endef
+ # Install, then verify that all binaries and man pages are in place.
+ # Note that neither the binary, ginstall, nor the ].1 man page is installed.
+ define my-instcheck
+  echo running my-instcheck;				\
+   $(MAKE) prefix=$(pfx) install				\
+     && test ! -f $(pfx)/bin/ginstall			\
+     && { fail=0;					\
+@@ -70,6 +72,7 @@ endef
+ 
+ define coreutils-path-check
+   {							\
+    echo running coreutils-path-check;			\
+     if test -f $(srcdir)/src/true.c; then		\
+       fail=1;						\
+       mkdir $(bin)					\
+@@ -117,7 +120,7 @@ my-distcheck: $(DIST_ARCHIVES) $(local-c
+ 	mkdir -p $(t)
+ 	GZIP=$(GZIP_ENV) $(AMTAR) -C $(t) -zxf $(distdir).tar.gz
+ 	cd $(t)/$(distdir)				\
+-	  && ./configure --enable-gcc-warnings --disable-nls \
+	  && ./configure --quiet --enable-gcc-warnings --disable-nls \
+ 	  && $(MAKE) AM_MAKEFLAGS='$(null_AM_MAKEFLAGS)' \
+ 	  && $(MAKE) dvi				\
+ 	  && $(install-transform-check)			\
+@@ -128,6 +131,7 @@ my-distcheck: $(DIST_ARCHIVES) $(local-c
+ 	  && $(AMTAR) -zxf - ) < $(distdir).tar.gz
+ 	diff -ur $(t)/$(distdir).old $(t)/$(distdir)
+ 	-rm -rf $(t)
+	rmdir $(tmpdir)/$(PACKAGE) $(tmpdir)
+ 	@echo "========================"; \
+ 	echo "$(distdir).tar.gz is ready for distribution"; \
+ 	echo "========================"
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 7.6
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@ -25,6 +25,7 @@ Patch4: coreutils-7.6-tail-F-renaming.patch
 Patch5: coreutils-7.6-trueexecve.patch
 Patch6: coreutils-7.6-ls-infloop.patch
 Patch7: coreutils-7.6-ls-derefdanglinginode.patch
+Patch8: coreutils-CVE-2009-4135.patch

 # Our patches
 Patch100: coreutils-6.10-configuration.patch
@ -120,6 +121,7 @@ Libraries for coreutils package.
 %patch4 -p1 -b .renaming
 %patch5 -p1 -b .execve
 %patch6 -p1 -b .infloop
+%patch8 -p1 -b .unsafetmp

 # Our patches
 %patch100 -p1 -b .configure
@ -341,6 +343,9 @@ fi
 %{_libdir}/coreutils

 %changelog
+* Fri Dec 11 2009 Ondrej Vasik <ovasik@redhat.com> - 7.6-8
+- CVE-2009-4135 : Unsafe temporary directory use in "distcheck" rule
+
 * Mon Nov 23 2009 Ondrej Vasik <ovasik@redhat.com> - 7.6-7
 - update /etc/DIR_COLORS* files
 - ls -LR exits with status 2, not 0, when it encounters