author | Niclas Zeising <zeising@FreeBSD.org> | 2020-08-18 23:23:22 +0000 |
---|---|---|
committer | Niclas Zeising <zeising@FreeBSD.org> | 2020-08-18 23:23:22 +0000 |
commit | 7671dd5ccb2e735ec6bf154e8ac29fd98ae1483a (patch) | |
tree | 70b10b3799286e89cf97192ef35ce4d3cb033761 /security/trousers/files/patch-c9b8c443.c | |
parent | vuxml: Document security issues in security/trousers (diff) |
security/trousers: fix security issues
Fix three security issues in security/trousers:
* CVE-2020-24332
If the tcsd daemon is started with root privileges,
the creation of the system.data file is prone to symlink attacks
* CVE-2020-24330
If the tcsd daemon is started with root privileges,
it fails to drop the root gid after it is no longer needed
* CVE-2020-24331
If the tcsd daemon is started with root privileges,
the tss user has read and write access to the /etc/tcsd.conf file
Add patches to fix potential use-after-free
Fix build with -fno-common
MFH: 2020Q3
Security: e37a0a7b-e1a7-11ea-9538-0c9d925bbbc0
Notes:
svn path=/head/; revision=545264
Diffstat (limited to 'security/trousers/files/patch-c9b8c443.c')
-rw-r--r-- | security/trousers/files/patch-c9b8c443.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/trousers/files/patch-c9b8c443.c b/security/trousers/files/patch-c9b8c443.c new file mode 100644 index 000000000000..826b5a4f6844 --- /dev/null +++ b/security/trousers/files/patch-c9b8c443.c @@ -0,0 +1,33 @@ +commit c9b8c4434f3b11bae4f7e72c3aec5b4f3459eecc +Author: Jerry Snitselaar <jsnitsel@redhat.com> +Date: Wed Mar 18 14:10:35 2020 -0700 + + trousers: resolve build failure + + The global variables tcsd_sa_chld and tcsd_sa_int in tcsd.h are + causing build failures in latest Fedora release: + + /usr/bin/ld: ../../src/tcs/libtcs.a(libtcs_a-tcsi_changeauth.o):/builddir/build/BUILD/trousers-0.3.13/src/tcs/../include/tcsd.h:169: multiple definition of `tcsd_sa_chld'; tcsd-svrside.o:/builddir/build/BUILD/trousers-0.3.13/src/tcsd/../../src/include/tcsd.h:169: first defined here + /usr/bin/ld: ../../src/tcs/libtcs.a(libtcs_a-tcsi_changeauth.o):/builddir/build/BUILD/trousers-0.3.13/src/tcs/../include/tcsd.h:168: multiple definition of `tcsd_sa_int'; tcsd-svrside.o:/builddir/build/BUILD/trousers-0.3.13/src/tcsd/../../src/include/tcsd.h:168: first defined here + + They are no longer used since 9b40e581470b ("Improved daemon's signal + handling") so just remove them. + + Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com> + Signed-off-by: Debora Velarde Babb <debora@linux.ibm.com> + +diff --git src/include/tcsd.h src/include/tcsd.h +index 5b9462b..f5c286e 100644 +--- src/include/tcsd.h ++++ src/include/tcsd.h +@@ -164,10 +164,4 @@ TSS_RESULT tcsd_thread_create(int, char *); + void *tcsd_thread_run(void *); + void thread_signal_init(); + +-/* signal handling */ +-#ifndef __APPLE__ +-struct sigaction tcsd_sa_int; +-struct sigaction tcsd_sa_chld; +-#endif +- + #endif |
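Review bot: the removal of `struct sigaction tcsd_sa_int;` and `struct sigaction tcsd_sa_chld;` at the end of src/include/tcsd.h rests only on the embedded commit message's statement that they are unused since 9b40e581470b. Please confirm that the source the port actually builds contains that change, for example by searching the extracted tree for both names. If any file still references them, the build will fail with undeclared identifiers instead of the duplicate-definition link error this patch is meant to cure. These were tentative definitions in a header, which is why -fno-common exposes them, so deleting them is preferable to marking them `extern` as long as nothing uses them. Separately, the new file is named patch-c9b8c443.c although its only hunk changes a header. A name that reflects the target, such as patch-src_include_tcsd.h, or one that drops the `.c` suffix, would be less misleading. This file is also a build fix and not one of the three CVE fixes listed in the port commit message, which is worth keeping in mind when auditing which patch closes which issue.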