[oprofile] * Tue Jun 07 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-21 - Correct CVE-2011-1760. Resolves: rhbz
William Eden Cohen
wcohen at fedoraproject.org
Tue Jun 7 20:12:42 UTC 2011
commit f4379f0ea22a776f1bc87502ff144b3aa19bfd25
Author: William Cohen <wcohen at redhat.com>
Date: Tue Jun 7 16:11:46 2011 -0400
* Tue Jun 07 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-21
- Correct CVE-2011-1760. Resolves: rhbz #701508
oprofile-opcontrol.patch | 325 ++++++++++++++++++++++++++++++++++++++++++++++
oprofile.spec | 7 +-
2 files changed, 331 insertions(+), 1 deletions(-)
---
diff --git a/oprofile-opcontrol.patch b/oprofile-opcontrol.patch
new file mode 100644
index 0000000..769277a
--- /dev/null
+++ b/oprofile-opcontrol.patch
@@ -0,0 +1,325 @@
+From: William Cohen <wcohen at redhat.com>
+Date: Mon, 23 May 2011 19:18:34 +0000 (-0500)
+Subject: Avoid blindly writing to $SESSION_DIR/opd_pipe
+X-Git-Url: http://oprofile.git.sourceforge.net/git/gitweb.cgi?p=oprofile%2Foprofile;a=commitdiff_plain;h=718de99bbea1e912cea175522fb1b86c72db8de9;hp=9eeef58ea07bfab51ade629f5821b398061fba4e
+
+Avoid blindly writing to $SESSION_DIR/opd_pipe
+---
+
+diff --git a/utils/opcontrol b/utils/opcontrol
+index 2316cb2..e908f1f 100644
+--- a/utils/opcontrol
++++ b/utils/opcontrol
+@@ -1646,7 +1646,9 @@ do_dump_data()
+ fi
+ fi
+ # trigger oprofiled to execute opjitconv
+- echo do_jitconv > $SESSION_DIR/opd_pipe
++ if test -p "$SESSION_DIR/opd_pipe"; then
++ echo do_jitconv >> $SESSION_DIR/opd_pipe
++ fi
+ rm -f "$SESSION_DIR/complete_dump"
+ echo 1 > $MOUNT/dump
+ # loop until the complete_dump file is created to
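Review bot: The `test -p` guard and the following `echo do_jitconv >> $SESSION_DIR/opd_pipe` are two separate path lookups, so the check does not bind to the file that is finally opened; if anyone other than the invoking user can write to `$SESSION_DIR`, the entry can change between the two steps. The guard is therefore only as strong as the directory's ownership and mode, which this hunk does not verify; confirming that `$SESSION_DIR` is owned by the caller and not group- or world-writable before using it would close that gap. The redirect target is also unquoted while the test quotes it; `echo do_jitconv >> "$SESSION_DIR/opd_pipe"` keeps both referring to the same path when the directory name contains whitespace or glob characters. do_dump_data starts and ends outside this hunk.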
+From: William Cohen <wcohen at redhat.com>
+Date: Mon, 23 May 2011 19:59:41 +0000 (-0500)
+Subject: Ensure that --save only saves things in $SESSION_DIR
+X-Git-Url: http://oprofile.git.sourceforge.net/git/gitweb.cgi?p=oprofile%2Foprofile;a=commitdiff_plain;h=022cc07e4140c1ba1b9824124b29f36fd44d6040
+
+Ensure that --save only saves things in $SESSION_DIR
+---
+
+diff --git a/utils/opcontrol b/utils/opcontrol
+index e908f1f..0f04354 100644
+--- a/utils/opcontrol
++++ b/utils/opcontrol
+@@ -75,6 +75,16 @@ error_if_not_number()
+ fi
+ }
+
++# check value is a base filename
++error_if_not_basename()
++{
++ bname=`basename "$2"`
++ if [[ "x$2" != "x$bname" ]] ; then
++ echo "Argument for $1, $2, is not a base filename." >&2
++ exit 1
++ fi
++}
++
+ # rm_device arguments $1=file_name
+ rm_device()
+ {
+@@ -753,6 +763,7 @@ do_options()
+
+ --save)
+ error_if_empty $arg $val
++ error_if_not_basename $arg $val
+ DUMP=yes
+ SAVE_SESSION=yes
+ SAVE_NAME=$val
+From: William Cohen <wcohen at redhat.com>
+Date: Thu, 2 Jun 2011 13:44:38 +0000 (-0400)
+Subject: Avoid blindly source $SETUP_FILE with '.' (PR3303383)
+X-Git-Url: http://oprofile.git.sourceforge.net/git/gitweb.cgi?p=oprofile%2Foprofile;a=commitdiff_plain;h=f427df4ed4b2ec540d496abc4afa984b2dd677b4
+
+Avoid blindly source $SETUP_FILE with '.' (PR3303383)
+
+There could be arbitrary commands in the $SETUP_FILE. The '.' command
+would blindly execute them. This change limits do_load_setup to only
+assigning values to variables.
+---
+
+diff --git a/utils/opcontrol b/utils/opcontrol
+index cdff19f..b981427 100644
+--- a/utils/opcontrol
++++ b/utils/opcontrol
+@@ -496,12 +496,25 @@ do_load_setup()
+ # reload all the setup-related information
+ do_load_setup()
+ {
+- if test -f "$SETUP_FILE"; then
+- # load the actual information from file
+- # FIXME this is insecure, arbitrary commands could be added to
+- # $SETUP_FILE and be executed as root
+- . $SETUP_FILE
+- fi
++ if test ! -f "$SETUP_FILE"; then return; fi
++
++ while IFS== read -r arg val; do
++ case "$arg" in
++ # The following catches anything that is not
++ # 0-9, a-z, A-Z, or an '_'
++ *[![:alnum:]_]*)
++ echo "Invalid variable \"$arg\" in $SETUP_FILE."
++ exit 1;;
++ esac
++ case "$val" in
++ # The following catches anything that is not
++ # 0-9, a-z, A-Z, an '-', ':', ',', '.', or '/'
++ *[!-[:alnum:]_:,./]*)
++ echo "Invalid value \"$val\" for $arg in $SETUP_FILE."
++ exit 1;;
++ esac
++ eval "${arg}=${val}"
++ done < $SETUP_FILE
+ }
+
+
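Review bot: The name check before `eval "${arg}=${val}"` rejects bad characters but still accepts an empty name and a name that starts with a digit, and in both cases the shell parses the eval string as a command word rather than an assignment. Tightening the first `case` to `''|[0-9]*|*[!A-Za-z0-9_]*)` closes that and removes the locale dependence of `[:alnum:]`; blank lines, if the file can contain them, would need a `continue` first. Any syntactically valid name is still assigned, so a line in `$SETUP_FILE` can set variables such as `PATH` or `IFS` that the rest of the script relies on; matching `$arg` against the fixed set of setting names the script expects (not visible in this hunk) would limit the loader to its own settings. The two error messages go to stdout where the other helpers use `>&2`, and `done < $SETUP_FILE` should be quoted like the `test ! -f "$SETUP_FILE"` above it.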
+From: William Cohen <wcohen at redhat.com>
+Date: Thu, 26 May 2011 15:21:39 +0000 (-0400)
+Subject: Avoid using [[ in error_if_not_basename() to improve posix compliance.
+X-Git-Url: http://oprofile.git.sourceforge.net/git/gitweb.cgi?p=oprofile%2Foprofile;a=commitdiff_plain;h=7cb560b4d52f27f9ccb86a9cd643d0288514335f
+
+Avoid using [[ in error_if_not_basename() to improve posix compliance.
+---
+
+diff --git a/utils/opcontrol b/utils/opcontrol
+index f002f01..cdff19f 100644
+--- a/utils/opcontrol
++++ b/utils/opcontrol
+@@ -89,7 +89,7 @@ error_if_not_number()
+ error_if_not_basename()
+ {
+ bname=`basename "$2"`
+- if [[ "x$2" != "x$bname" ]] ; then
++ if test "$2" != "$bname"; then
+ echo "Argument for $1, $2, is not a base filename." >&2
+ exit 1
+ fi
+From: William Cohen <wcohen at redhat.com>
+Date: Thu, 2 Jun 2011 14:24:26 +0000 (-0400)
+Subject: Do additional checks on user supplied arguments
+X-Git-Url: http://oprofile.git.sourceforge.net/git/gitweb.cgi?p=oprofile%2Foprofile;a=commitdiff_plain;h=9578aed0a51f5c77fd20fd40cead126c7cdd5030
+
+Do additional checks on user supplied arguments
+
+Avoid blindly setting variable to user-supplied values. Check to the values
+to make sure they do not contain odd punctuation.
+
+Signed-off-by: William Cohen <wcohen at redhat.com>
+---
+
+diff --git a/utils/opcontrol b/utils/opcontrol
+index 8f584ad..92baa0d 100644
+--- a/utils/opcontrol
++++ b/utils/opcontrol
+@@ -78,7 +78,8 @@ guess_number_base()
+ # check value is a valid number
+ error_if_not_number()
+ {
+- guess_number_base $2
++ error_if_empty "$1" "$2"
++ guess_number_base "$2"
+ if test "$?" -eq 0 ; then
+ echo "Argument for $1, $2, is not a valid number." >&2
+ exit 1
+@@ -86,13 +87,33 @@ error_if_not_number()
+ }
+
+ # check value is a base filename
+-error_if_not_basename()
++error_if_not_valid_savename()
+ {
++ error_if_empty "$1" "$2"
+ bname=`basename "$2"`
+ if test "$2" != "$bname"; then
+- echo "Argument for $1, $2, is not a base filename." >&2
++ echo "Argument for $1, $2, cannot change directory." >&2
+ exit 1
+ fi
++ case "$2" in
++ # The following catches anything that is not
++ # 0-9, a-z, A-Z, an '-', ':', ',', '.', or '/'
++ *[!-[:alnum:]_:,./]*)
++ echo "Argument for $1, $2, not allow to have special characters" >&2
++ exit 1;;
++ esac
++}
++
++error_if_invalid_arg()
++{
++ error_if_empty "$1" "$2"
++ case "$2" in
++ # The following catches anything that is not
++ # 0-9, a-z, A-Z, an '-', ':', ',', '.', or '/'
++ *[!-[:alnum:]_:,./]*)
++ echo "Argument for $1, $2, is not valid argument." >&2
++ exit 1;;
++ esac
+ }
+
+ # rm_device arguments $1=file_name
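Review bot: `error_if_not_valid_savename` still accepts `.` and `..`, because `basename` returns both unchanged and the character class allows `.`, so a `--save` value of `..` passes both checks even though it refers to a parent directory. An explicit arm ahead of the character pattern, `.|..) echo "Argument for $1, $2, cannot change directory." >&2; exit 1;;`, rejects them. The copied comment lists `/` as allowed, which the basename comparison has already excluded in this function, and omits `_`, which the pattern does allow. The character check is the same `case` as in `error_if_invalid_arg`, so this function could call that helper instead of repeating it.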
+@@ -814,8 +835,7 @@ do_options()
+ ;;
+
+ --save)
+- error_if_empty $arg $val
+- error_if_not_basename $arg $val
++ error_if_not_valid_savename "$arg" "$val"
+ DUMP=yes
+ SAVE_SESSION=yes
+ SAVE_NAME=$val
+@@ -840,8 +860,7 @@ do_options()
+ # already processed
+ ;;
+ --buffer-size)
+- error_if_empty $arg $val
+- error_if_not_number $arg $val
++ error_if_not_number "$arg" "$val"
+ BUF_SIZE=$val
+ DO_SETUP=yes
+ ;;
+@@ -850,8 +869,7 @@ do_options()
+ echo "$arg unsupported for this kernel version"
+ exit 1
+ fi
+- error_if_empty $arg $val
+- error_if_not_number $arg $val
++ error_if_not_number "$arg" "$val"
+ BUF_WATERSHED=$val
+ DO_SETUP=yes
+ ;;
+@@ -860,13 +878,12 @@ do_options()
+ echo "$arg unsupported for this kernel version"
+ exit 1
+ fi
+- error_if_empty $arg $val
+- error_if_not_number $arg $val
++ error_if_not_number "$arg" "$val"
+ CPU_BUF_SIZE=$val
+ DO_SETUP=yes
+ ;;
+ -e|--event)
+- error_if_empty $arg $val
++ error_if_invalid_arg "$arg" "$val"
+ # reset any read-in defaults from daemonrc
+ if test "$SEEN_EVENT" = "0"; then
+ NR_CHOSEN=0
+@@ -887,17 +904,16 @@ do_options()
+ DO_SETUP=yes
+ ;;
+ -c|--callgraph)
+- error_if_empty $arg $val
+ if test ! -f $MOUNT/backtrace_depth; then
+ echo "Call-graph profiling unsupported on this kernel/hardware" >&2
+ exit 1
+ fi
+- error_if_not_number $arg $val
++ error_if_not_number "$arg" "$val"
+ CALLGRAPH=$val
+ DO_SETUP=yes
+ ;;
+ --vmlinux)
+- error_if_empty $arg $val
++ error_if_invalid_arg "$arg" "$val"
+ VMLINUX=$val
+ DO_SETUP=yes
+ ;;
+@@ -906,42 +922,42 @@ do_options()
+ DO_SETUP=yes
+ ;;
+ --kernel-range)
+- error_if_empty $arg $val
++ error_if_invalid_arg "$arg" "$val"
+ KERNEL_RANGE=$val
+ DO_SETUP=yes
+ ;;
+ --xen)
+- error_if_empty $arg $val
++ error_if_invalid_arg "$arg" "$val"
+ XENIMAGE=$val
+ DO_SETUP=yes
+ ;;
+ --active-domains)
+- error_if_empty $arg $val
++ error_if_invalid_arg $arg $val
+ ACTIVE_DOMAINS=$val
+ DO_SETUP=yes
+ ;;
+ --passive-domains|--domains)
+- error_if_empty $arg $val
++ error_if_invalid_arg $arg $val
+ PASSIVE_DOMAINS=$val
+ DO_SETUP=yes
+ ;;
+ --passive-images|--domain-images)
+- error_if_empty $arg $val
++ error_if_invalid_arg $arg $val
+ PASSIVE_IMAGES=$val
+ DO_SETUP=yes
+ ;;
+ --note-table-size)
+- error_if_empty $arg $val
+ if test "$KERNEL_SUPPORT" = "yes"; then
+ echo "\"$arg\" meaningless on this kernel" >&2
+ exit 1
+ else
++ error_if_not_number "$arg" "$val"
+ NOTE_SIZE=$val
+ fi
+ DO_SETUP=yes
+ ;;
+ -i|--image)
+- error_if_empty $arg $val
++ error_if_invalid_arg "$arg" "$val"
+ if test "$val" = "all"; then
+ IMAGE_FILTER=
+ else
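Review bot: The calls for `--active-domains`, `--passive-domains|--domains` and `--passive-images|--domain-images` pass `$arg $val` unquoted, unlike the other calls this commit converts. If `$val` can contain whitespace or glob characters, the shell splits and expands it before the call, so `error_if_invalid_arg` inspects only the first word as `$2` while the following assignment stores the whole, unchecked string. All three should read `error_if_invalid_arg "$arg" "$val"`. do_options starts and ends outside this hunk.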
+@@ -944,6 +960,7 @@ do_options()
+ if test -z "$val"; then
+ VERBOSE="all"
+ else
++ error_if_invalid_arg "$arg" "$val"
+ VERBOSE=$val
+ fi
+ ;;
+@@ -1898,7 +1915,7 @@ check_options_early()
+ exit 0
+ ;;
+ --session-dir)
+- error_if_empty $arg $val
++ error_if_invalid_arg "$arg" "$val"
+ SESSION_DIR="$val"
+ DO_SETUP=yes
+ # do not exit early
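Review bot: `error_if_invalid_arg` constrains only the characters of the `--session-dir` value; since `.` and `/` are in the allowed class, any absolute path and any path with `..` components is accepted. The script writes under `$SESSION_DIR` elsewhere (the `opd_pipe` and `complete_dump` lines in do_dump_data), so the value also needs a check on what the directory is. That could mean requiring an existing directory owned by the invoking user and not writable by others, or creating it with a restrictive mode when it is missing. check_options_early starts and ends outside this hunk.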
diff --git a/oprofile.spec b/oprofile.spec
index 738c60a..91f2d14 100644
--- a/oprofile.spec
+++ b/oprofile.spec
@@ -1,7 +1,7 @@
Summary: System wide profiler
Name: oprofile
Version: 0.9.6
-Release: 20%{?dist}
+Release: 21%{?dist}
License: GPLv2
Group: Development/System
#
@@ -23,6 +23,7 @@ Patch123: oprofile-westmere.patch
Patch124: oprofile-check.patch
Patch130: oprofile-unmutable.patch
Patch131: oprofile-qt4.patch
+Patch132: oprofile-opcontrol.patch
URL: http://oprofile.sf.net
@@ -99,6 +100,7 @@ agent library.
%patch124 -p1
%patch130 -p1
%patch131 -p1
+%patch132 -p1
./autogen.sh
@@ -245,6 +247,9 @@ test "$1" != 0 || groupdel oprofile &>/dev/null || :
/etc/ld.so.conf.d/*
%changelog
+* Tue Jun 07 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-21
+- Correct CVE-2011-1760. Resolves: rhbz #701508
+
* Tue Apr 5 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-20
- Re-enable xenoprof patch.