Bug#504182: intent to NMU

To: 504182@bugs.debian.org
Subject: Bug#504182: intent to NMU
From: Nico Golde <nion@debian.org>
Date: Wed, 5 Nov 2008 21:23:14 +0100
Message-id: <[🔎] 20081105202314.GA8161@ngolde.de>
Reply-to: Nico Golde <nion@debian.org>, 504182@bugs.debian.org

Hi,
I intent to upload an NMU to fix this bug.
debdiff attached and archived on:
http://people.debian.org/~nion/nmu-diff/hf-0.8-8_0.8-8.1.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

diff -u hf-0.8/debian/changelog hf-0.8/debian/changelog
--- hf-0.8/debian/changelog
+++ hf-0.8/debian/changelog
@@ -1,3 +1,12 @@
+hf (0.8-8.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix local root security hole that is caused by an insecure call
+    to the system function, thanks Steve Kemp for the patch
+    (CVE-2008-2378; Closes: #504182).
+
+ -- Nico Golde <nion@debian.org>  Wed, 05 Nov 2008 21:19:58 +0100
+
 hf (0.8-8) unstable; urgency=low
 
   * Remove asm/page.h include from util/reffreq.c. Closes: #479967.
only in patch2:
unchanged:
--- hf-0.8.orig/hfkernel/main.c
+++ hf-0.8/hfkernel/main.c
@@ -78,6 +78,11 @@
 #include "alsa.h"
 #endif /* HAVE_ALSA_ASOUNDLIB_H */
 
+#ifndef PID_FILE
+# define PID_FILE "/var/run/hfkernel.pid"
+#endif
+
+
 /* --------------------------------------------------------------------- */
 
 /* these variables take hfkernel's options */
@@ -154,6 +159,49 @@
 	}
 }
 
+void kill_daemon()
+{
+	FILE *f;
+	int pid;
+
+	if (!(f = fopen (PID_FILE, "r")))
+        {
+                 errstr( SEV_FATAL, "Failed to read from PID file");
+                  exit(1);
+        }
+	fscanf (f, "%d", &pid);
+	fclose (f);
+
+        kill( SIGKILL, pid );
+        unlink( PID_FILE );
+        exit(1);
+}
+
+
+int write_pid()
+{
+	char buf[20];
+	int fd;
+	long pid;
+
+	if ((fd = open (PID_FILE, O_CREAT | O_TRUNC | O_WRONLY, 0600)) == -1)
+	{
+                errstr (SEV_FATAL, "cannot open pidfile for writing ");
+                exit(1);
+	}
+        else
+        {
+		pid = getpid ();
+		snprintf (buf, sizeof (buf), "%ld", (long) pid);
+		if (write (fd, buf, strlen (buf)) != strlen (buf))
+                {
+                       errstr (SEV_FATAL, "cannot write to pidfile ");
+                       exit(1);
+                }
+		close(fd);
+	}
+	return pid;
+}
 
 /* --------------------------------------------------------------------- */
 
@@ -529,8 +577,8 @@
                     break;
 
                 case 'k':
-                    system ("killall hfkernel");
-
+                     kill_daemon();
+                     break;
                 case 'l':
                     logging = 1;
                     break;
@@ -635,6 +683,7 @@
 
                 exit(1);
         }
+
         if (logging)
                 openlog("hfkernel", LOG_PID, LOG_DAEMON);
 	printf("hfkernel %s starting...\n", PACKAGE_VERSION);
@@ -699,6 +748,8 @@
 
 	printf("Note: hfkernel is only part of the hf package.\n"); 
 	printf("It is controlled by the graphic terminal hfterm. To start them both, use the start script hf. In newer linuxes (kernel 2.6...) we need the syntax\n ÂŽLD_ASDSUME_KERNEL=2.2.5 hftermÂŽ, this is already prepared in the hf script. \n");
+        write_pid();
+
 	start_io_thread();
 	exit(0); }

Attachment: pgpfJ2IQtc4j8.pgp
Description: PGP signature

Reply to:

Prev by Date: Processing of hf_0.8-8.1_amd64.changes
Next by Date: hf_0.8-8.1_amd64.changes ACCEPTED
Previous by thread: Processing of hf_0.8-8.1_amd64.changes
Next by thread: hf_0.8-8.1_amd64.changes ACCEPTED
Index(es):
- Date
- Thread