* [PATCH] xserver-xorg: fix for CVE-2018-14665
@ 2018-11-02 6:09 changqing.li
2018-11-02 6:41 ` ✗ patchtest: failure for " Patchwork
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: changqing.li @ 2018-11-02 6:09 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
.../xorg-xserver/xserver-xorg/CVE-2018-14665.patch | 56 ++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
new file mode 100644
index 0000000..5dd6fe0
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
@@ -0,0 +1,56 @@
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/
+commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e]
+
+CVE: CVE-2018-14665
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 23 Oct 2018 21:29:08 +0200
+Subject: [PATCH] Disable -logfile and -modulepath when running with elevated
+ privileges
+
+Could cause privilege elevation and/or arbitrary files overwrite, when
+the X server is running with elevated privileges (ie when Xorg is
+installed with the setuid bit set and started by a non-root user).
+
+CVE-2018-14665
+
+Issue reported by Narendra Shinde and Red Hat.
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+---
+ hw/xfree86/common/xf86Init.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
+index 6c25eda73..0f57efa86 100644
+--- a/hw/xfree86/common/xf86Init.c
++++ b/hw/xfree86/common/xf86Init.c
+@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
+ /* First the options that are not allowed with elevated privileges */
+ if (!strcmp(argv[i], "-modulepath")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -modulepath "
++ "with elevated privileges\n");
+ xf86ModulePath = argv[i + 1];
+ xf86ModPathFrom = X_CMDLINE;
+ return 2;
+ }
+ if (!strcmp(argv[i], "-logfile")) {
+ CHECK_FOR_REQUIRED_ARGUMENT();
+- xf86CheckPrivs(argv[i], argv[i + 1]);
++ if (xf86PrivsElevated())
++ FatalError("\nInvalid argument -logfile "
++ "with elevated privileges\n");
+ xf86LogFile = argv[i + 1];
+ xf86LogFileFrom = X_CMDLINE;
+ return 2;
+--
+2.18.1
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread* ✗ patchtest: failure for xserver-xorg: fix for CVE-2018-14665
2018-11-02 6:09 [PATCH] xserver-xorg: fix for CVE-2018-14665 changqing.li
@ 2018-11-02 6:41 ` Patchwork
2018-11-02 6:44 ` [PATCH] " Changqing Li
2018-11-02 16:01 ` akuster808
2 siblings, 0 replies; 5+ messages in thread
From: Patchwork @ 2018-11-02 6:41 UTC (permalink / raw)
To: changqing.li; +Cc: openembedded-core
== Series Details ==
Series: xserver-xorg: fix for CVE-2018-14665
Revision: 1
URL : https://patchwork.openembedded.org/series/14767/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:
* Issue Series does not apply on top of target branch [test_series_merge_on_head]
Suggested fix Rebase your series on top of targeted branch
Targeted branch master (currently at 14b5854d50)
* Patch xserver-xorg: fix for CVE-2018-14665
Issue Missing or incorrectly formatted CVE tag in included patch file [test_cve_tag_format]
Suggested fix Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"
If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).
---
Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] xserver-xorg: fix for CVE-2018-14665
2018-11-02 6:09 [PATCH] xserver-xorg: fix for CVE-2018-14665 changqing.li
2018-11-02 6:41 ` ✗ patchtest: failure for " Patchwork
@ 2018-11-02 6:44 ` Changqing Li
2018-11-02 16:01 ` akuster808
2 siblings, 0 replies; 5+ messages in thread
From: Changqing Li @ 2018-11-02 6:44 UTC (permalink / raw)
To: openembedded-core
Please ignore this patch, I just noticed it is fixed in master.
On 11/2/18 2:09 PM, changqing.li@windriver.com wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
> .../xorg-xserver/xserver-xorg/CVE-2018-14665.patch | 56 ++++++++++++++++++++++
> 1 file changed, 56 insertions(+)
> create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
>
> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
> new file mode 100644
> index 0000000..5dd6fe0
> --- /dev/null
> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
> @@ -0,0 +1,56 @@
> +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/
> +commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e]
> +
> +CVE: CVE-2018-14665
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +
> +From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001
> +From: Matthieu Herrb <matthieu@herrb.eu>
> +Date: Tue, 23 Oct 2018 21:29:08 +0200
> +Subject: [PATCH] Disable -logfile and -modulepath when running with elevated
> + privileges
> +
> +Could cause privilege elevation and/or arbitrary files overwrite, when
> +the X server is running with elevated privileges (ie when Xorg is
> +installed with the setuid bit set and started by a non-root user).
> +
> +CVE-2018-14665
> +
> +Issue reported by Narendra Shinde and Red Hat.
> +
> +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
> +Reviewed-by: Adam Jackson <ajax@redhat.com>
> +---
> + hw/xfree86/common/xf86Init.c | 8 ++++++--
> + 1 file changed, 6 insertions(+), 2 deletions(-)
> +
> +diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
> +index 6c25eda73..0f57efa86 100644
> +--- a/hw/xfree86/common/xf86Init.c
> ++++ b/hw/xfree86/common/xf86Init.c
> +@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
> + /* First the options that are not allowed with elevated privileges */
> + if (!strcmp(argv[i], "-modulepath")) {
> + CHECK_FOR_REQUIRED_ARGUMENT();
> +- xf86CheckPrivs(argv[i], argv[i + 1]);
> ++ if (xf86PrivsElevated())
> ++ FatalError("\nInvalid argument -modulepath "
> ++ "with elevated privileges\n");
> + xf86ModulePath = argv[i + 1];
> + xf86ModPathFrom = X_CMDLINE;
> + return 2;
> + }
> + if (!strcmp(argv[i], "-logfile")) {
> + CHECK_FOR_REQUIRED_ARGUMENT();
> +- xf86CheckPrivs(argv[i], argv[i + 1]);
> ++ if (xf86PrivsElevated())
> ++ FatalError("\nInvalid argument -logfile "
> ++ "with elevated privileges\n");
> + xf86LogFile = argv[i + 1];
> + xf86LogFileFrom = X_CMDLINE;
> + return 2;
> +--
> +2.18.1
--
BRs
Sandy(Li Changqing)
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] xserver-xorg: fix for CVE-2018-14665
2018-11-02 6:09 [PATCH] xserver-xorg: fix for CVE-2018-14665 changqing.li
2018-11-02 6:41 ` ✗ patchtest: failure for " Patchwork
2018-11-02 6:44 ` [PATCH] " Changqing Li
@ 2018-11-02 16:01 ` akuster808
2018-11-02 16:04 ` Burton, Ross
2 siblings, 1 reply; 5+ messages in thread
From: akuster808 @ 2018-11-02 16:01 UTC (permalink / raw)
To: changqing.li, openembedded-core
On 11/1/18 11:09 PM, changqing.li@windriver.com wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
This should be in the update sitting in master-next. its good for Thud
or we update thud to the later version
- armin
> ---
> .../xorg-xserver/xserver-xorg/CVE-2018-14665.patch | 56 ++++++++++++++++++++++
> 1 file changed, 56 insertions(+)
> create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
>
> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
> new file mode 100644
> index 0000000..5dd6fe0
> --- /dev/null
> +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2018-14665.patch
> @@ -0,0 +1,56 @@
> +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/
> +commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e]
> +
> +CVE: CVE-2018-14665
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +
> +From 50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e Mon Sep 17 00:00:00 2001
> +From: Matthieu Herrb <matthieu@herrb.eu>
> +Date: Tue, 23 Oct 2018 21:29:08 +0200
> +Subject: [PATCH] Disable -logfile and -modulepath when running with elevated
> + privileges
> +
> +Could cause privilege elevation and/or arbitrary files overwrite, when
> +the X server is running with elevated privileges (ie when Xorg is
> +installed with the setuid bit set and started by a non-root user).
> +
> +CVE-2018-14665
> +
> +Issue reported by Narendra Shinde and Red Hat.
> +
> +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
> +Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
> +Reviewed-by: Adam Jackson <ajax@redhat.com>
> +---
> + hw/xfree86/common/xf86Init.c | 8 ++++++--
> + 1 file changed, 6 insertions(+), 2 deletions(-)
> +
> +diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
> +index 6c25eda73..0f57efa86 100644
> +--- a/hw/xfree86/common/xf86Init.c
> ++++ b/hw/xfree86/common/xf86Init.c
> +@@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
> + /* First the options that are not allowed with elevated privileges */
> + if (!strcmp(argv[i], "-modulepath")) {
> + CHECK_FOR_REQUIRED_ARGUMENT();
> +- xf86CheckPrivs(argv[i], argv[i + 1]);
> ++ if (xf86PrivsElevated())
> ++ FatalError("\nInvalid argument -modulepath "
> ++ "with elevated privileges\n");
> + xf86ModulePath = argv[i + 1];
> + xf86ModPathFrom = X_CMDLINE;
> + return 2;
> + }
> + if (!strcmp(argv[i], "-logfile")) {
> + CHECK_FOR_REQUIRED_ARGUMENT();
> +- xf86CheckPrivs(argv[i], argv[i + 1]);
> ++ if (xf86PrivsElevated())
> ++ FatalError("\nInvalid argument -logfile "
> ++ "with elevated privileges\n");
> + xf86LogFile = argv[i + 1];
> + xf86LogFileFrom = X_CMDLINE;
> + return 2;
> +--
> +2.18.1
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] xserver-xorg: fix for CVE-2018-14665
2018-11-02 16:01 ` akuster808
@ 2018-11-02 16:04 ` Burton, Ross
0 siblings, 0 replies; 5+ messages in thread
From: Burton, Ross @ 2018-11-02 16:04 UTC (permalink / raw)
To: Armin Kuster; +Cc: OE-core
On Fri, 2 Nov 2018 at 16:02, akuster808 <akuster808@gmail.com> wrote:
> This should be in the update sitting in master-next. its good for Thud
> or we update thud to the later version
Thud is literally in QA for release, so it's way too late for an
update. The CVE patch should be backported for thud, sumo, rocko.
Ross
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-11-02 16:04 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-02 6:09 [PATCH] xserver-xorg: fix for CVE-2018-14665 changqing.li
2018-11-02 6:41 ` ✗ patchtest: failure for " Patchwork
2018-11-02 6:44 ` [PATCH] " Changqing Li
2018-11-02 16:01 ` akuster808
2018-11-02 16:04 ` Burton, Ross
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.