~ubuntu-branches/ubuntu/raring/qemu-kvm/raring

Viewing changes to debian/patches/CVE-2011-2527.patch

  • Committer: Serge Hallyn
  • Author(s): Jamie Strandboge
  • Date: 2011-07-26 06:51:28 UTC
  • Revision ID: serge.hallyn@ubuntu.com-20110726065128-p2b8288uwxrb7p1p
Tags: 0.14.0+noroms-0ubuntu9
* SECURITY UPDATE: fix potential privilege escalation via improper group
  handling
  - debian/patches/CVE-2011-2527.patch: call initgroups() to drop
    supplementary group privileges
  - CVE-2011-2527

Refreshed for 0.14.1

Subject: os-posix: set groups properly for -runas
Date: Fri, 08 Jul 2011 23:22:07 -0000
From: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Message-Id: <1310203327-27069-1-git-send-email-stefanha@linux.vnet.ibm.com>
To: <qemu-devel@nongnu.org>
Cc: Bug 807893 <807893@bugs.launchpad.net>,
        Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Andrew Griffiths reports that -runas does not set supplementary group
IDs.  This means that gid 0 (root) is not dropped when switching to an
unprivileged user.

Add an initgroups(3) call to use the -runas user's /etc/groups
membership to update the supplementary group IDs.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>

---
Note this needs compile testing on various POSIX host platforms.  Tested on
Linux.  Should work on BSD and Solaris.  initgroups(3) is SVr4/BSD but not in
POSIX.

 os-posix.c |    6 ++++++
 1 file changed, 6 insertions(+)
 
Index: qemu-kvm-0.14.0+noroms/os-posix.c
===================================================================
--- qemu-kvm-0.14.0+noroms.orig/os-posix.c      2011-02-22 07:34:38.000000000 -0600
+++ qemu-kvm-0.14.0+noroms/os-posix.c   2011-07-26 08:02:42.000000000 -0500
@@ -31,6 +31,7 @@
 /*needed for MAP_POPULATE before including qemu-options.h */
 #include <sys/mman.h>
 #include <pwd.h>
+#include <grp.h>
 #include <libgen.h>

 /* Needed early for CONFIG_BSD etc. */
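Review bot: the added "#include <grp.h>" is unconditional, while the note under the "---" says initgroups(3) is not in POSIX and that the change was only tested on Linux. A configure-time probe for initgroups() would make host support an explicit build decision. On a host that lacks it the build should stop with a clear error rather than compile the call out, because skipping it would leave the -runas process with the supplementary groups (gid 0 included) that the commit message describes.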
 
@@ -206,6 +207,11 @@
             fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
             exit(1);
         }
+        if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
+            fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n",
+                    user_pwd->pw_name, user_pwd->pw_gid);
+            exit(1);
+        }
         if (setuid(user_pwd->pw_uid) < 0) {
             fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid);
             exit(1);
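Review bot: the initgroups() block added between the setgid() and setuid() checks carries no comment saying that its position matters. Once setuid() has given up root, the process may no longer change its supplementary groups, so a later reordering would make the call fail. A one-line comment above "if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {" stating that it must run before setuid() would protect against that. The error path also drops the cause: appending strerror(errno) to the "Failed to initgroups" message would tell an operator why -runas aborted. Minor: pw_gid is a gid_t passed to %d, as in the neighbouring setgid message; a cast to int keeps the format strictly correct.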