[gitolite/f15/master] Fix ADC security issue

Lubomir Rintel lkundrak at fedoraproject.org
Wed Feb 16 10:20:55 UTC 2011 

commit 4354431f796948c060132091c8295480a809b41b
Author: Lubomir Rintel <lkundrak at v3.sk>
Date:   Tue Feb 15 12:13:42 2011 +0100

    Fix ADC security issue
    
    Dylan Alex Simon discovered and reported a directory traversal flaw in
    the way Gitolite restricted access to admin defined commands ("ADC"). An
    authenticated attacker could execute arbitrary code with privileges of
    Gitolite server user using specially crafted command name.
    
    The flaw does not affect default Gitolite installations. Users who have
    enabled ADC in their configurations are advised to install the updated
    package which includes a fix to resolve the issue.

 adcfix.pre-v2.patch |   12 ++++++++++++
 gitolite.spec       |    5 +++++
 2 files changed, 17 insertions(+), 0 deletions(-)
---
diff --git a/adcfix.pre-v2.patch b/adcfix.pre-v2.patch
new file mode 100644
index 0000000..f7a426c
--- /dev/null
+++ b/adcfix.pre-v2.patch
@@ -0,0 +1,12 @@
+diff --git i/src/gl-auth-command w/src/gl-auth-command
+index 1af4232..f3449a5 100755
+--- i/src/gl-auth-command
++++ w/src/gl-auth-command
+@@ -154,6 +154,7 @@ die "server is in slave mode; you can only fetch\n"
+ if ($GL_ADC_PATH and -d $GL_ADC_PATH) {
+     my ($cmd, @args) = split ' ', $ENV{SSH_ORIGINAL_COMMAND};
+     if (-x "$GL_ADC_PATH/$cmd") {
++        die "I don't like $cmd\n" if $cmd =~ /\.\./;
+         # yes this is rather strict, sorry.
+         do { die "I don't like $_\n" unless $_ =~ $ADC_CMD_ARGS_PATT } for ($cmd, @args);
+         &log_it("$GL_ADC_PATH/$ENV{SSH_ORIGINAL_COMMAND}");
diff --git a/gitolite.spec b/gitolite.spec
index 086e8a0..e035e0d 100644
--- a/gitolite.spec
+++ b/gitolite.spec
@@ -25,6 +25,7 @@ Source1:        gitolite-README-fedora
 # Far from being upstreamable
 Patch0:         gitolite-1.5.7-rpm.patch
 Patch1:         gitolite-1.4.2-conf.patch
+Patch2:         adcfix.pre-v2.patch
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 BuildArch:      noarch
@@ -55,6 +56,7 @@ elsewhere in the doc/ directory.
 # Don't create backups; would mess with %%install
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 cp %{SOURCE1} .
 
 
@@ -114,6 +116,9 @@ exit 0
 
 
 %changelog
+* Tue Feb 15 2011 Lubomir Rintel <lkundrak at v3.sk> - 1.5.8-2
+- Fix ADC security issue
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5.8-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

More information about the scm-commits mailing list