[Pkg-virtualbox-commits] r366 - in trunk/debian: . patches

meskes at alioth.debian.org meskes at alioth.debian.org
Wed Nov 5 13:50:20 UTC 2008


Author: meskes
Date: 2008-11-05 13:50:20 +0000 (Wed, 05 Nov 2008)
New Revision: 366

Added:
   trunk/debian/patches/17-tmp-symlink.attack.dpatch
Modified:
   trunk/debian/changelog
Log:
Added upstream patch to prevent symlink attack


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2008-10-14 07:39:54 UTC (rev 365)
+++ trunk/debian/changelog	2008-11-05 13:50:20 UTC (rev 366)
@@ -1,6 +1,7 @@
 virtualbox-ose (1.6.6-dfsg-3) unstable; urgency=low
 
-  * Added patch to support kernel 2.6.27, closes: #502068
+  * Added upstream patch to support kernel 2.6.27, closes: #502068
+  * Added upstream patch to prevent potential symlink attack, closes: #504149
 
  -- Michael Meskes <meskes at debian.org>  Mon, 13 Oct 2008 16:38:47 +0200
 

Added: trunk/debian/patches/17-tmp-symlink.attack.dpatch
===================================================================
--- trunk/debian/patches/17-tmp-symlink.attack.dpatch	                        (rev 0)
+++ trunk/debian/patches/17-tmp-symlink.attack.dpatch	2008-11-05 13:50:20 UTC (rev 366)
@@ -0,0 +1,108 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 16-tmp-symlink-attack.dpatch by Michael Meskes <meskes at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fixing a potential symlink attack
+## DP: rediff the following upstream commits against virtualbox-ose 1.6.6-dfsg-1:
+## DP: - r13788
+## DP: - r13807
+## DP: - r13809
+## DP: - r13810
+
+ at DPATCH@
+
+diff -urNad virtualbox-ose-1.6.6-dfsg.orig/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp virtualbox-ose-1.6.6-dfsg/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp
+--- virtualbox-ose-1.6.6-dfsg.orig/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp	2008-11-05 14:43:38.000000000 +0100
++++ virtualbox-ose-1.6.6-dfsg/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp	2008-11-05 14:44:08.000000000 +0100
+@@ -93,7 +93,7 @@
+     EOk = 0,
+     ELockFileOpen = -1,
+     ELockFileLock = -2,
+-
++    ELockFileOwner = -3,
+ };
+ 
+ static int ipcLockFD = 0;
+@@ -112,16 +112,70 @@
+     lockFile[dirLen] = '/';
+     memcpy(lockFile + dirLen + 1, lockName, sizeof(lockName));
+ 
++#ifdef VBOX
++    //
++    // Security checks for the directory
++    //
++    struct stat st;
++    if (stat(baseDir, &st) == -1)
++    {
++        printf("Cannot stat '%s'.\n", baseDir);
++        return ELockFileOwner;
++    }
++
++    if (st.st_uid != getuid() && st.st_uid != geteuid())
++    {
++        printf("Wrong owner (%d) of '%s'.\n", st.st_uid, baseDir);
++        return ELockFileOwner;
++    }
++
++    if (st.st_mode != (S_IRUSR | S_IWUSR | S_IXUSR | S_IFDIR))
++    {
++        printf("Wrong mode (%o) of '%s'.\n", st.st_mode, baseDir);
++        return ELockFileOwner;
++    }
++#endif
++
+     //
+     // open lock file.  it remains open until we shutdown.
+     //
+     ipcLockFD = open(lockFile, O_WRONLY|O_CREAT, S_IWUSR|S_IRUSR);
+ 
++#ifndef VBOX
+     free(lockFile);
++#endif
+ 
+     if (ipcLockFD == -1)
+         return ELockFileOpen;
+ 
++#ifdef VBOX
++    //
++    // Security checks for the lock file
++    //
++    if (fstat(ipcLockFD, &st) == -1)
++    {
++        printf("Cannot stat '%s'.\n", lockFile);
++        free(lockFile);
++        return ELockFileOwner;
++    }
++
++    if (st.st_uid != getuid() && st.st_uid != geteuid())
++    {
++        printf("Wrong owner (%d) of '%s'.\n", st.st_uid, lockFile);
++        free(lockFile);
++        return ELockFileOwner;
++    }
++
++    if (st.st_mode != (S_IRUSR | S_IWUSR | S_IFREG))
++    {
++        printf("Wrong mode (%o) of '%s'.\n", st.st_mode, lockFile);
++        free(lockFile);
++        return ELockFileOwner;
++    }
++
++    free(lockFile);
++#endif
++
+     //
+     // we use fcntl for locking.  assumption: filesystem should be local.
+     // this API is nice because the lock will be automatically released
+@@ -433,8 +487,9 @@
+             // don't notify the parent to cause it to fail in PR_Read() after
+             // we terminate
+ #ifdef VBOX
+-            printf("Cannot create a lock file for '%s'.\n"
+-                   "Check permissions.\n", addr.local.path);
++            if (status != ELockFileOwner)
++                printf("Cannot create a lock file for '%s'.\n"
++                        "Check permissions.\n", addr.local.path);
+ #endif
+             return 0;
+         }
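Review bot: The directory check `stat(baseDir, &st)` follows symbolic links and the later `open(lockFile, O_WRONLY|O_CREAT, S_IWUSR|S_IRUSR)` has no `O_NOFOLLOW`, so the owner and mode tests apply to whatever the path resolves to, and the lock file is opened (and created if absent) before `fstat` can reject it. Unless a symlinked base directory has to be supported, I would use `if (lstat(baseDir, &st) == -1)` for the directory and `ipcLockFD = open(lockFile, O_WRONLY|O_CREAT|O_NOFOLLOW, S_IWUSR|S_IRUSR);` for the file, which narrows the gap between check and use. Separately, the three `return ELockFileOwner;` paths after a successful open free `lockFile` but leave `ipcLockFD` open and assigned, and with `free(lockFile)` now under `#ifndef VBOX` the directory-check returns and the `ELockFileOpen` return no longer free `lockFile` in VBOX builds; a `close(ipcLockFD)` and `free(lockFile)` on those paths would fix that. The `printf` calls also pass `st.st_uid` to `%d` and `st.st_mode` to `%o` without a cast to a matching type. The enclosing function starts and ends outside the inner hunks, so cleanup done elsewhere in it is not visible here.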



