* [Buildroot] [git commit branch/2021.02.x] package/keepalived: fix CVE-2021-44225
@ 2022-01-15 8:42 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2022-01-15 8:42 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=9088c5ce6f634996db48fa2367e1ca69f721c7bb
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently
restrict the message destination, allowing any user to inspect and
manipulate any property. This leads to access-control bypass in some
situations in which an unrelated D-Bus system service has a settable
(writable) property
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit e4464fabb6323dba4974096886166b9c4631fd38)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...02-dbus-fix-policy-to-not-be-overly-broad.patch | 42 ++++++++++++++++++++++
package/keepalived/keepalived.mk | 3 ++
2 files changed, 45 insertions(+)
diff --git a/package/keepalived/0002-dbus-fix-policy-to-not-be-overly-broad.patch b/package/keepalived/0002-dbus-fix-policy-to-not-be-overly-broad.patch
new file mode 100644
index 0000000000..6287d6117d
--- /dev/null
+++ b/package/keepalived/0002-dbus-fix-policy-to-not-be-overly-broad.patch
@@ -0,0 +1,42 @@
+From 7977fec0be89ae6fe87405b3f8da2f0b5e415e3d Mon Sep 17 00:00:00 2001
+From: Vincent Bernat <vincent@bernat.ch>
+Date: Tue, 23 Nov 2021 06:50:59 +0100
+Subject: [PATCH] dbus: fix policy to not be overly broad
+
+The DBus policy did not restrict the message destination, allowing any
+user to inspect and manipulate any property.
+
+Signed-off-by: Vincent Bernat <vincent@bernat.ch>
+
+[Retrieved from:
+https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
+index 2b78a575c..b5ced6085 100644
+--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
++++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
+@@ -3,12 +3,15 @@
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+ <busconfig>
+ <policy user="root">
+- <allow own="org.keepalived.Vrrp1"/>
+- <allow send_destination="org.keepalived.Vrrp1"/>
++ <allow own="org.keepalived.Vrrp1" />
++ <allow send_destination="org.keepalived.Vrrp1" />
+ </policy>
+ <policy context="default">
+- <allow send_interface="org.freedesktop.DBus.Introspectable" />
+- <allow send_interface="org.freedesktop.DBus.Peer" />
+- <allow send_interface="org.freedesktop.DBus.Properties" />
++ <allow send_destination="org.keepalived.Vrrp1"
++ send_interface="org.freedesktop.DBus.Introspectable" />
++ <allow send_destination="org.keepalived.Vrrp1"
++ send_interface="org.freedesktop.DBus.Peer" />
++ <allow send_destination="org.keepalived.Vrrp1"
++ send_interface="org.freedesktop.DBus.Properties" />
+ </policy>
+ </busconfig>
diff --git a/package/keepalived/keepalived.mk b/package/keepalived/keepalived.mk
index 5d42cab741..e31c02dec5 100644
--- a/package/keepalived/keepalived.mk
+++ b/package/keepalived/keepalived.mk
@@ -12,6 +12,9 @@ KEEPALIVED_LICENSE_FILES = COPYING
KEEPALIVED_CPE_ID_VENDOR = keepalived
KEEPALIVED_CONF_OPTS = --disable-hardening
+# 0002-dbus-fix-policy-to-not-be-overly-broad.patch
+KEEPALIVED_IGNORE_CVES += CVE-2021-44225
+
ifeq ($(BR2_PACKAGE_JSON_C),y)
KEEPALIVED_DEPENDENCIES += json-c
KEEPALIVED_CONF_OPTS += --enable-json
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-01-15 9:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-15 8:42 [Buildroot] [git commit branch/2021.02.x] package/keepalived: fix CVE-2021-44225 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.