[Pkg-virtualbox-commits] r389 - virtualbox-ose/trunk/debian/patches
meskes at alioth.debian.org
meskes at alioth.debian.org
Mon Nov 24 10:16:27 UTC 2008
Author: meskes
Date: 2008-11-24 10:16:27 +0000 (Mon, 24 Nov 2008)
New Revision: 389
Removed:
virtualbox-ose/trunk/debian/patches/17-tmp-symlink.attack.dpatch
Modified:
virtualbox-ose/trunk/debian/patches/00list
Log:
Removed patch, applied upstream.
Modified: virtualbox-ose/trunk/debian/patches/00list
===================================================================
--- virtualbox-ose/trunk/debian/patches/00list 2008-11-24 10:12:04 UTC (rev 388)
+++ virtualbox-ose/trunk/debian/patches/00list 2008-11-24 10:16:27 UTC (rev 389)
@@ -11,4 +11,3 @@
12-make-module.dpatch
13-module-mismatch.dpatch
14-disable-registration-request.dpatch
-17-tmp-symlink.attack.dpatch
Deleted: virtualbox-ose/trunk/debian/patches/17-tmp-symlink.attack.dpatch
===================================================================
--- virtualbox-ose/trunk/debian/patches/17-tmp-symlink.attack.dpatch 2008-11-24 10:12:04 UTC (rev 388)
+++ virtualbox-ose/trunk/debian/patches/17-tmp-symlink.attack.dpatch 2008-11-24 10:16:27 UTC (rev 389)
@@ -1,108 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 16-tmp-symlink-attack.dpatch by Michael Meskes <meskes at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fixing a potential symlink attack
-## DP: rediff the following upstream commits against virtualbox-ose 1.6.6-dfsg-1:
-## DP: - r13788
-## DP: - r13807
-## DP: - r13809
-## DP: - r13810
-
- at DPATCH@
-
-diff -urNad virtualbox-ose-1.6.6-dfsg.orig/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp virtualbox-ose-1.6.6-dfsg/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp
---- virtualbox-ose-1.6.6-dfsg.orig/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp 2008-11-05 14:43:38.000000000 +0100
-+++ virtualbox-ose-1.6.6-dfsg/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp 2008-11-05 14:44:08.000000000 +0100
-@@ -93,7 +93,7 @@
- EOk = 0,
- ELockFileOpen = -1,
- ELockFileLock = -2,
--
-+ ELockFileOwner = -3,
- };
-
- static int ipcLockFD = 0;
-@@ -112,16 +112,70 @@
- lockFile[dirLen] = '/';
- memcpy(lockFile + dirLen + 1, lockName, sizeof(lockName));
-
-+#ifdef VBOX
-+ //
-+ // Security checks for the directory
-+ //
-+ struct stat st;
-+ if (stat(baseDir, &st) == -1)
-+ {
-+ printf("Cannot stat '%s'.\n", baseDir);
-+ return ELockFileOwner;
-+ }
-+
-+ if (st.st_uid != getuid() && st.st_uid != geteuid())
-+ {
-+ printf("Wrong owner (%d) of '%s'.\n", st.st_uid, baseDir);
-+ return ELockFileOwner;
-+ }
-+
-+ if (st.st_mode != (S_IRUSR | S_IWUSR | S_IXUSR | S_IFDIR))
-+ {
-+ printf("Wrong mode (%o) of '%s'.\n", st.st_mode, baseDir);
-+ return ELockFileOwner;
-+ }
-+#endif
-+
- //
- // open lock file. it remains open until we shutdown.
- //
- ipcLockFD = open(lockFile, O_WRONLY|O_CREAT, S_IWUSR|S_IRUSR);
-
-+#ifndef VBOX
- free(lockFile);
-+#endif
-
- if (ipcLockFD == -1)
- return ELockFileOpen;
-
-+#ifdef VBOX
-+ //
-+ // Security checks for the lock file
-+ //
-+ if (fstat(ipcLockFD, &st) == -1)
-+ {
-+ printf("Cannot stat '%s'.\n", lockFile);
-+ free(lockFile);
-+ return ELockFileOwner;
-+ }
-+
-+ if (st.st_uid != getuid() && st.st_uid != geteuid())
-+ {
-+ printf("Wrong owner (%d) of '%s'.\n", st.st_uid, lockFile);
-+ free(lockFile);
-+ return ELockFileOwner;
-+ }
-+
-+ if (st.st_mode != (S_IRUSR | S_IWUSR | S_IFREG))
-+ {
-+ printf("Wrong mode (%o) of '%s'.\n", st.st_mode, lockFile);
-+ free(lockFile);
-+ return ELockFileOwner;
-+ }
-+
-+ free(lockFile);
-+#endif
-+
- //
- // we use fcntl for locking. assumption: filesystem should be local.
- // this API is nice because the lock will be automatically released
-@@ -433,8 +487,9 @@
- // don't notify the parent to cause it to fail in PR_Read() after
- // we terminate
- #ifdef VBOX
-- printf("Cannot create a lock file for '%s'.\n"
-- "Check permissions.\n", addr.local.path);
-+ if (status != ELockFileOwner)
-+ printf("Cannot create a lock file for '%s'.\n"
-+ "Check permissions.\n", addr.local.path);
- #endif
- return 0;
- }