On Wed, Dec 1, 2010 at 11:52:00 -0500, Jon Bernard wrote: > diff -Nru ust-0.5/debian/changelog ust-0.5/debian/changelog > --- ust-0.5/debian/changelog 2010-07-02 11:34:52.000000000 -0400 > +++ ust-0.5/debian/changelog 2010-11-30 21:23:43.000000000 -0500 > @@ -1,3 +1,9 @@ > +ust (0.5-1+squeeze1) testing; urgency=low > + > + * Backport upstream fix for CVE-2010-3386 (Bug #598309) You should close the bug in the changelog. > + > + -- Jon Bernard <jbernard@debian.org> Tue, 30 Nov 2010 21:21:25 -0500 > + > ust (0.5-1) unstable; urgency=low > > * [79cd16] Imported Upstream version 0.5 > diff -Nru ust-0.5/debian/patches/0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch ust-0.5/debian/patches/0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch > --- ust-0.5/debian/patches/0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch 1969-12-31 19:00:00.000000000 -0500 > +++ ust-0.5/debian/patches/0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch 2010-11-30 21:23:43.000000000 -0500 > @@ -0,0 +1,84 @@ > +From: Jon Bernard <jbernard@debian.org> > +Date: Tue, 30 Nov 2010 13:40:04 -0500 > +Subject: [PATCH] Backport upstream fix for CVE-2010-3386 (Bug #598309) > + > +When there's an empty item on the colon-separated list of > +LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.) If the given > +script (usttrace) is executed from a directory where a potential, local, > +attacker can write files to, there's a chance to exploit this bug. > + > +This patch was applied upstream in version 0.8. > +--- > + usttrace | 47 +++++++++++++++++++++++++++++++++++++---------- > + 1 files changed, 37 insertions(+), 10 deletions(-) > + > +diff --git a/usttrace b/usttrace > +index dc159f2..5fdb52f 100755 > +--- a/usttrace > ++++ b/usttrace > +@@ -132,27 +132,54 @@ fi > + > + if [ "$arg_preload_libust" = "1" ]; > + then > +- if [ -n "${LIBUST_PATH%libust.so}" ] ; then > +- export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}" > ++ if [ -n "${LIBUST_PATH%libust.so}" ]; > ++ then > ++ if [ -n "$LD_LIBRARY_PATH" ]; > ++ then > ++ export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}" > ++ else > ++ export LD_LIBRARY_PATH="${LIBUST_PATH%libust.so}" > ++ fi > ++ fi > ++ if [ -n "$LIBUST_PATH" ]; > ++ then > ++ if [ -n "$LD_PRELOAD" ]; > ++ then > ++ export LD_PRELOAD="$LD_PRELOAD:$LIBUST_PATH" > ++ else > ++ export LD_PRELOAD="$LIBUST_PATH" > ++ fi > + fi > +- export LD_PRELOAD="$LD_PRELOAD:$LIBUST_PATH" > + fi > + > +- if [ "$arg_ld_std_ust" = "1" ]; > ++ if [ "$arg_ld_std_ust" = "1" ] && [ -n "${LIBUST_PATH%libust.so}" ]; > + then > +- if [ -n "$${LIBUST_PATH%libust.so}" ] ; then > +- export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}" > ++ if [ -n "$LD_LIBRARY_PATH" ]; > ++ then > ++ export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}" > ++ else > ++ export LD_LIBRARY_PATH="${LIBUST_PATH%libust.so}" > + fi > + fi > + > +- if [ "$arg_preload_malloc" = "1" ]; > ++ if [ "$arg_preload_malloc" = "1" ] && [ -n "$LIBMALLOCWRAP_PATH" ]; > + then > +- export LD_PRELOAD="$LD_PRELOAD:$LIBMALLOCWRAP_PATH" > ++ if [ -n "$LD_PRELOAD" ]; > ++ then > ++ export LD_PRELOAD="$LD_PRELOAD:$LIBMALLOCWRAP_PATH" > ++ else > ++ export LD_PRELOAD="$LIBMALLOCWRAP_PATH" > ++ fi > + fi > + > +- if [ "$arg_preload_fork" = "1" ]; > ++ if [ "$arg_preload_fork" = "1" ] && [ -n "$LIBINTERFORK_PATH" ]; > + then > +- export LD_PRELOAD="$LD_PRELOAD:$LIBINTERFORK_PATH" > ++ if [ -n "$LD_PRELOAD" ]; > ++ then > ++ export LD_PRELOAD="$LD_PRELOAD:$LIBINTERFORK_PATH" > ++ else > ++ export LD_PRELOAD="$LIBINTERFORK_PATH" > ++ fi > + fi > + > + # Execute the command > +-- The patch seems overly complicated, but I guess if that's what upstream went with it's ok... (e.g. LIBUST_PATH, LIBINTERFORK_PATH and LIBMALLOCWRAP_PATH can never be empty, as far as I can tell) > diff -Nru ust-0.5/debian/patches/series ust-0.5/debian/patches/series > --- ust-0.5/debian/patches/series 2010-07-02 11:34:52.000000000 -0400 > +++ ust-0.5/debian/patches/series 2010-11-30 21:23:43.000000000 -0500 > @@ -1 +1,2 @@ > +0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch > info-dir-section.diff Cheers, Julien
Attachment:
signature.asc
Description: Digital signature