From: "akuster" <akuster808@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [dunfell 10/17] chrony: Patch CVE-2020-14367
Date: Wed, 18 Nov 2020 07:07:50 -0800	[thread overview]
Message-ID: <24830d1492f8dc08059fc32f5d3542ea67b0ec2a.1605711982.git.akuster808@gmail.com> (raw)
In-Reply-To: <cover.1605711982.git.akuster808@gmail.com>

From: Anatol Belski <anbelski@linux.microsoft.com>

Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b4d7b1ee421d9ae75548ac0c0dd0ea9405a0571e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../chrony/chrony/CVE-2020-14367.patch        | 204 ++++++++++++++++++
 .../recipes-support/chrony/chrony_3.5.bb      |   1 +
 2 files changed, 205 insertions(+)
 create mode 100644 meta-networking/recipes-support/chrony/chrony/CVE-2020-14367.patch

diff --git a/meta-networking/recipes-support/chrony/chrony/CVE-2020-14367.patch b/meta-networking/recipes-support/chrony/chrony/CVE-2020-14367.patch
new file mode 100644
index 00000000000..79df1007e0d
--- /dev/null
+++ b/meta-networking/recipes-support/chrony/chrony/CVE-2020-14367.patch
@@ -0,0 +1,204 @@
+From f00fed20092b6a42283f29c6ee1f58244d74b545 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Thu, 6 Aug 2020 09:31:11 +0200
+Subject: main: create new file when writing pidfile
+
+When writing the pidfile, open the file with the O_CREAT|O_EXCL flags
+to avoid following a symlink and writing the PID to an unexpected file,
+when chronyd still has the root privileges.
+
+The Linux open(2) man page warns about O_EXCL not working as expected on
+NFS versions before 3 and Linux versions before 2.6. Saving pidfiles on
+a distributed filesystem like NFS is not generally expected, but if
+there is a reason to do that, these old kernel and NFS versions are not
+considered to be supported for saving files by chronyd.
+
+This is a minimal backport specific to this issue of the following
+commits:
+- commit 2fc8edacb810 ("use PATH_MAX")
+- commit f4c6a00b2a11 ("logging: call exit() in LOG_Message()")
+- commit 7a4c396bba8f ("util: add functions for common file operations")
+- commit e18903a6b563 ("switch to new util file functions")
+
+Reported-by: Matthias Gerstner <mgerstner@suse.de>
+
+Upstream-Status: Backport [https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545]
+CVE: CVE-2020-14367
+Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
+
+diff --git a/logging.c b/logging.c
+index d2296e0..fd7f900 100644
+--- a/logging.c
++++ b/logging.c
+@@ -171,6 +171,7 @@ void LOG_Message(LOG_Severity severity,
+         system_log = 0;
+         log_message(1, severity, buf);
+       }
++      exit(1);
+       break;
+     default:
+       assert(0);
+diff --git a/main.c b/main.c
+index 6ccf32e..8edb2e1 100644
+--- a/main.c
++++ b/main.c
+@@ -281,13 +281,9 @@ write_pidfile(void)
+   if (!pidfile[0])
+     return;
+ 
+-  out = fopen(pidfile, "w");
+-  if (!out) {
+-    LOG_FATAL("Could not open %s : %s", pidfile, strerror(errno));
+-  } else {
+-    fprintf(out, "%d\n", (int)getpid());
+-    fclose(out);
+-  }
++  out = UTI_OpenFile(NULL, pidfile, NULL, 'W', 0644);
++  fprintf(out, "%d\n", (int)getpid());
++  fclose(out);
+ }
+ 
+ /* ================================================== */
+diff --git a/sysincl.h b/sysincl.h
+index 296c5e6..873a3bd 100644
+--- a/sysincl.h
++++ b/sysincl.h
+@@ -37,6 +37,7 @@
+ #include <glob.h>
+ #include <grp.h>
+ #include <inttypes.h>
++#include <limits.h>
+ #include <math.h>
+ #include <netinet/in.h>
+ #include <pwd.h>
+diff --git a/util.c b/util.c
+index e7e3442..83b3b20 100644
+--- a/util.c
++++ b/util.c
+@@ -1179,6 +1179,101 @@ UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid)
+ 
+ /* ================================================== */
+ 
++static int
++join_path(const char *basedir, const char *name, const char *suffix,
++          char *buffer, size_t length, LOG_Severity severity)
++{
++  const char *sep;
++
++  if (!basedir) {
++    basedir = "";
++    sep = "";
++  } else {
++    sep = "/";
++  }
++
++  if (!suffix)
++    suffix = "";
++
++  if (snprintf(buffer, length, "%s%s%s%s", basedir, sep, name, suffix) >= length) {
++    LOG(severity, "File path %s%s%s%s too long", basedir, sep, name, suffix);
++    return 0;
++  }
++
++  return 1;
++}
++
++/* ================================================== */
++
++FILE *
++UTI_OpenFile(const char *basedir, const char *name, const char *suffix,
++             char mode, mode_t perm)
++{
++  const char *file_mode;
++  char path[PATH_MAX];
++  LOG_Severity severity;
++  int fd, flags;
++  FILE *file;
++
++  severity = mode >= 'A' && mode <= 'Z' ? LOGS_FATAL : LOGS_ERR;
++
++  if (!join_path(basedir, name, suffix, path, sizeof (path), severity))
++    return NULL;
++
++  switch (mode) {
++    case 'r':
++    case 'R':
++      flags = O_RDONLY;
++      file_mode = "r";
++      if (severity != LOGS_FATAL)
++        severity = LOGS_DEBUG;
++      break;
++    case 'w':
++    case 'W':
++      flags = O_WRONLY | O_CREAT | O_EXCL;
++      file_mode = "w";
++      break;
++    case 'a':
++    case 'A':
++      flags = O_WRONLY | O_CREAT | O_APPEND;
++      file_mode = "a";
++      break;
++    default:
++      assert(0);
++      return NULL;
++  }
++
++try_again:
++  fd = open(path, flags, perm);
++  if (fd < 0) {
++    if (errno == EEXIST) {
++      if (unlink(path) < 0) {
++        LOG(severity, "Could not remove %s : %s", path, strerror(errno));
++        return NULL;
++      }
++      DEBUG_LOG("Removed %s", path);
++      goto try_again;
++    }
++    LOG(severity, "Could not open %s : %s", path, strerror(errno));
++    return NULL;
++  }
++
++  UTI_FdSetCloexec(fd);
++
++  file = fdopen(fd, file_mode);
++  if (!file) {
++    LOG(severity, "Could not open %s : %s", path, strerror(errno));
++    close(fd);
++    return NULL;
++  }
++
++  DEBUG_LOG("Opened %s fd=%d mode=%c", path, fd, mode);
++
++  return file;
++}
++
++/* ================================================== */
++
+ void
+ UTI_DropRoot(uid_t uid, gid_t gid)
+ {
+diff --git a/util.h b/util.h
+index e3d6767..a2481cc 100644
+--- a/util.h
++++ b/util.h
+@@ -176,6 +176,17 @@ extern int UTI_CreateDirAndParents(const char *path, mode_t mode, uid_t uid, gid
+    permissions and its uid/gid must match the specified values. */
+ extern int UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid);
+ 
++/* Open a file.  The full path of the file is constructed from the basedir
++   (may be NULL), '/' (if basedir is not NULL), name, and suffix (may be NULL).
++   Created files have specified permissions (umasked).  Returns NULL on error.
++   The following modes are supported (if the mode is an uppercase character,
++   errors are fatal):
++   r/R - open an existing file for reading
++   w/W - open a new file for writing (remove existing file)
++   a/A - open an existing file for appending (create if does not exist) */
++extern FILE *UTI_OpenFile(const char *basedir, const char *name, const char *suffix,
++                          char mode, mode_t perm);
++
+ /* Set process user/group IDs and drop supplementary groups */
+ extern void UTI_DropRoot(uid_t uid, gid_t gid);
+ 
+-- 
+cgit v0.10.2
+
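Review bot: The rewritten `write_pidfile()` in the `main.c` hunk now passes `out` straight to `fprintf()` and `fclose()` with no NULL check, which is only sound because mode `'W'` selects `LOGS_FATAL` in `UTI_OpenFile()` and the `logging.c` hunk adds `exit(1)` to what appears to be the fatal case of `LOG_Message()`; that three-file coupling deserves a comment at the call site, e.g. `/* 'W' makes a failed open fatal (LOG_Message() exits), so out is never NULL here */`. In `UTI_OpenFile()` the `try_again` loop retries without bound whenever `open()` fails with `EEXIST` and the `unlink()` succeeds, so a path that keeps reappearing between the two calls is spun on indefinitely instead of being reported; a small iteration cap that falls through to the existing `LOG(severity, "Could not open %s : %s", ...)` path would make that failure mode explicit. The `util.h` comment's `w/W - open a new file for writing (remove existing file)` would also be clearer if it said the existing path is unlinked and the file recreated with `O_EXCL`, since `perm` applies to the new file rather than truncating the old one. `write_pidfile()` starts outside the hunk.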
diff --git a/meta-networking/recipes-support/chrony/chrony_3.5.bb b/meta-networking/recipes-support/chrony/chrony_3.5.bb
index 7c6356d264e..182ce13ccf2 100644
--- a/meta-networking/recipes-support/chrony/chrony_3.5.bb
+++ b/meta-networking/recipes-support/chrony/chrony_3.5.bb
@@ -34,6 +34,7 @@ SRC_URI = "https://download.tuxfamily.org/chrony/chrony-${PV}.tar.gz \
     file://chrony.conf \
     file://chronyd \
     file://arm_eabi.patch \
+    file://CVE-2020-14367.patch \
 "
 
 SRC_URI_append_libc-musl = " \
-- 
2.17.1

