On Tue, Jan 01, 2008 at 07:08:59PM +0100, Nico Golde wrote: > Hi Alberto, > * Alberto Gonzalez Iniesta <agi@inittab.org> [2008-01-01 19:00]: > > On Sun, Dec 30, 2007 at 04:22:52PM +0100, Nico Golde wrote: > [...] > > I prepared packages for both Etch and Sarge (stable and oldstable) and > > I'm ready to upload them. Please, SRMs, let me know if it's ok to do so. > > Sorry it took me sometime, but my limited BW makes it hard to build > > sarge or etch envs. > > Can you provide a link to a debdiff between the current > stable version and the update you prepared? > Kind regards > Nico Hi Nico, Sure, find them attached. They only change is the patch you provided. Regards, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
------------------------------------------------
Depends: libc6 (>= [-2.3.2.ds1-4),-] {+2.3.2.ds1-21),+} libnet0, libpcap0.8, debconf
Installed-Size: [-104-] {+108+}
Version: [-1.1-9-] {+1.1-9sarge1+}
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
------------------------------------------------
Installed-Size: [-112-] {+156+}
Version: [-1.1-13-] {+1.1-13etch1+}
diff -u sing-1.1/debian/changelog sing-1.1/debian/changelog
--- sing-1.1/debian/changelog
+++ sing-1.1/debian/changelog
@@ -1,3 +1,11 @@
+sing (1.1-9sarge1) oldstable; urgency=low
+
+ * Patched parser.c to drop privileges when opening log file and
+ running sing SUID. (CVE-2007-6211)
+ Thanks a lot to Nico Golde for the patch. (Closes: #454167)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 01 Jan 2008 16:02:39 +0100
+
sing (1.1-9) unstable; urgency=low
* Fixed version number. Not a NMU
only in patch2:
unchanged:
--- sing-1.1.orig/parser.c
+++ sing-1.1/parser.c
@@ -75,6 +75,8 @@
struct protoent *proto;
static struct mi_ifaz iface;
struct sockaddr_in *aux2;
+ uid_t user_id;
+
static struct option options[] =
{
{ "help", 0, 0, 'h' },
@@ -380,8 +382,15 @@
break;
case 31:
- if ( (packet->logfile = fopen(optarg, "a+")) == NULL )
- go_out_error(1, "fopen");
+ user_id = getuid();
+ uid_t tmp_id = geteuid();
+
+ seteuid(user_id);
+ if ( (packet->logfile = fopen(optarg, "a+")) == NULL )
+ go_out_error(1, "fopen");
+
+ seteuid(tmp_id);
+
break;
case 32:
@@ -889,4 +898,4 @@
packet.mac_src[i] = strtol(data, (char **)NULL, 16);
return 0;
-}
\ No newline at end of file
+}
diff -u sing-1.1/debian/changelog sing-1.1/debian/changelog
--- sing-1.1/debian/changelog
+++ sing-1.1/debian/changelog
@@ -1,3 +1,11 @@
+sing (1.1-13etch1) stable; urgency=low
+
+ * Patched parser.c to drop privileges when opening log file and
+ running sing SUID. (CVE-2007-6211)
+ Thanks a lot to Nico Golde for the patch. (Closes: #454167)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 01 Jan 2008 15:45:10 +0100
+
sing (1.1-13) unstable; urgency=low
* Fix translations fuzzied by previous typographical changes to templates.
only in patch2:
unchanged:
--- sing-1.1.orig/parser.c
+++ sing-1.1/parser.c
@@ -75,6 +75,8 @@
struct protoent *proto;
static struct mi_ifaz iface;
struct sockaddr_in *aux2;
+ uid_t user_id;
+
static struct option options[] =
{
{ "help", 0, 0, 'h' },
@@ -380,8 +382,15 @@
break;
case 31:
- if ( (packet->logfile = fopen(optarg, "a+")) == NULL )
- go_out_error(1, "fopen");
+ user_id = getuid();
+ uid_t tmp_id = geteuid();
+
+ seteuid(user_id);
+ if ( (packet->logfile = fopen(optarg, "a+")) == NULL )
+ go_out_error(1, "fopen");
+
+ seteuid(tmp_id);
+
break;
case 32:
@@ -889,4 +898,4 @@
packet.mac_src[i] = strtol(data, (char **)NULL, 16);
return 0;
-}
\ No newline at end of file
+}
Attachment:
signature.asc
Description: Digital signature