[iproute/f15] Address dangerous /tmp files security issue (CVE-2012-1088, #797881, #797878)

Petr Šabata psabata at fedoraproject.org
Thu Mar 1 12:24:29 UTC 2012


commit 8ab65544a8de8ce89bc4515509b11aad10b4d56e
Author: Petr Šabata <contyk at redhat.com>
Date:   Thu Mar 1 13:20:50 2012 +0100

    Address dangerous /tmp files security issue (CVE-2012-1088, #797881, #797878)

 iproute.spec                                       |    9 ++-
 ...e2-2.6.39-Dont-put-configure-files-in-tmp.patch |  113 ++++++++++++++++++++
 ...e2-2.6.39-dhcp-client-script-dont-use-tmp.patch |   27 +++++
 3 files changed, 148 insertions(+), 1 deletions(-)
---
diff --git a/iproute.spec b/iproute.spec
index e4432b6..beb965c 100644
--- a/iproute.spec
+++ b/iproute.spec
@@ -2,7 +2,7 @@
 Summary:            Advanced IP routing and network device configuration tools
 Name:               iproute
 Version:            2.6.38.1
-Release:            5%{?dist}
+Release:            6%{?dist}
 Group:              Applications/System
 URL:                http://www.linuxfoundation.org/collaborate/workgroups/networking/%{name}2
 Source0:            http://devresources.linuxfoundation.org/dev/iproute2/download/%{name}2-%{version}.tar.bz2
@@ -20,6 +20,8 @@ Patch8:             iproute2-2.6.35-print-route.patch
 Patch9:             iproute2-print-route-u32.patch
 Patch10:            iproute2-2.6.33-create-peer-veth-without-a-name.patch
 Patch11:            iproute2-2.6.38-Display-closed-UDP-sockets-on-ss-ul.patch
+Patch12:            iproute2-2.6.39-Dont-put-configure-files-in-tmp.patch
+Patch13:            iproute2-2.6.39-dhcp-client-script-dont-use-tmp.patch
 
 License:            GPLv2+ and Public Domain
 BuildRequires:      tex(latex) tex(dvips) linuxdoc-tools
@@ -64,6 +66,8 @@ sed -i "s/_VERSION_/%{version}/" man/man8/ss.8
 %patch9 -p1 -b .print-route-u32
 %patch10 -p1 -b .peer-veth-without-name
 %patch11 -p1 -b .ssul
+%patch12 -p1 -b .tmp
+%patch13 -p1 -b .tmp-dhcp
 
 %build
 export LIBDIR=/%{_libdir}
@@ -185,6 +189,9 @@ done
 %{_includedir}/libnetlink.h
 
 %changelog
+* Thu Mar 01 2012 Petr Šabata <contyk at redhat.com> - 2.6.38.1-6
+- Address dangerous /tmp files security issue (CVE-2012-1088, #797881, #797878)
+
 * Thu Nov 24 2011 Petr Šabata <contyk at redhat.com> - 2.6.38.1-5
 - Display closed UDP sockets on 'ss -ul' (#691100)
 
diff --git a/iproute2-2.6.39-Dont-put-configure-files-in-tmp.patch b/iproute2-2.6.39-Dont-put-configure-files-in-tmp.patch
new file mode 100644
index 0000000..8df8738
--- /dev/null
+++ b/iproute2-2.6.39-Dont-put-configure-files-in-tmp.patch
@@ -0,0 +1,113 @@
+diff --git a/configure b/configure
+index 600fa96..c388f99 100755
+--- a/configure
++++ b/configure
+@@ -3,11 +3,15 @@
+ #
+ INCLUDE=${1:-"$PWD/include"}
+ 
++# Make a temp directory in build tree.
++TMPDIR=$(mktemp -d config.XXXXXX)
++trap 'status=$?; rm -rf $TMPDIRa; exit $status' EXIT HUP INT QUIT TERM
++
+ TABLES=
+ 
+ check_atm()
+ {
+-cat >/tmp/atmtest.c <<EOF
++cat >$TMPDIR/atmtest.c <<EOF
+ #include <atm.h>
+ int main(int argc, char **argv) {
+ 	struct atm_qos qos;
+@@ -15,7 +19,7 @@ int main(int argc, char **argv) {
+ 	return 0;
+ }
+ EOF
+-gcc -I$INCLUDE -o /tmp/atmtest /tmp/atmtest.c -latm >/dev/null 2>&1 
++gcc -I$INCLUDE -o $TMPDIR/atmtest $TMPDIR/atmtest.c -latm >/dev/null 2>&1 
+ if [ $? -eq 0 ]
+ then
+     echo "TC_CONFIG_ATM:=y" >>Config
+@@ -23,13 +27,13 @@ then
+ else
+     echo no
+ fi
+-rm -f /tmp/atmtest.c /tmp/atmtest
++rm -f $TMPDIR/atmtest.c $TMPDIR/atmtest
+ }
+ 
+ check_xt()
+ {
+ #check if we have xtables from iptables >= 1.4.5.
+-cat >/tmp/ipttest.c <<EOF
++cat >$TMPDIR/ipttest.c <<EOF
+ #include <xtables.h>
+ #include <linux/netfilter.h>
+ static struct xtables_globals test_globals = {
+@@ -49,12 +53,12 @@ int main(int argc, char **argv)
+ 
+ EOF
+ 
+-if gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl -lxtables >/dev/null 2>&1
++if gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL -ldl -lxtables >/dev/null 2>&1
+ then
+ 	echo "TC_CONFIG_XT:=y" >>Config
+ 	echo "using xtables"
+ fi
+-rm -f /tmp/ipttest.c /tmp/ipttest
++rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest
+ }
+ 
+ check_xt_old()
+@@ -66,7 +70,7 @@ then
+ fi
+ 
+ #check if we need dont our internal header ..
+-cat >/tmp/ipttest.c <<EOF
++cat >$TMPDIR/ipttest.c <<EOF
+ #include <xtables.h>
+ char *lib_dir;
+ unsigned int global_option_offset = 0;
+@@ -86,14 +90,14 @@ int main(int argc, char **argv) {
+ }
+ 
+ EOF
+-gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl >/dev/null 2>&1
++gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL -ldl >/dev/null 2>&1
+ 
+ if [ $? -eq 0 ]
+ then
+ 	echo "TC_CONFIG_XT_OLD:=y" >>Config
+ 	echo "using old xtables (no need for xt-internal.h)"
+ fi
+-rm -f /tmp/ipttest.c /tmp/ipttest
++rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest
+ }
+ 
+ check_xt_old_internal_h()
+@@ -105,7 +109,7 @@ then
+ fi
+ 
+ #check if we need our own internal.h
+-cat >/tmp/ipttest.c <<EOF
++cat >$TMPDIR/ipttest.c <<EOF
+ #include <xtables.h>
+ #include "xt-internal.h"
+ char *lib_dir;
+@@ -126,14 +130,14 @@ int main(int argc, char **argv) {
+ }
+ 
+ EOF
+-gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl >/dev/null 2>&1
++gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL -ldl >/dev/null 2>&1
+ 
+ if [ $? -eq 0 ]
+ then
+ 	echo "using old xtables with xt-internal.h"
+ 	echo "TC_CONFIG_XT_OLD_H:=y" >>Config
+ fi
+-rm -f /tmp/ipttest.c /tmp/ipttest
++rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest
+ }
+ 
+ check_ipt()
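Review bot: The cleanup trap in the new configure preamble, `trap 'status=$?; rm -rf $TMPDIRa; exit $status' EXIT HUP INT QUIT TERM`, removes `$TMPDIRa`, a variable that is never set, so the `config.XXXXXX` directory created by `mktemp -d` is left behind in the build tree on every run and the per-check `rm -f` lines become the only cleanup; the intended line is `trap 'status=$?; rm -rf "$TMPDIR"; exit $status' EXIT HUP INT QUIT TERM`. The `mktemp` result is also not checked: if it fails, `$TMPDIR` is empty and the subsequent `cat >$TMPDIR/atmtest.c` redirections resolve to paths under `/`, so `TMPDIR=$(mktemp -d config.XXXXXX) || exit 1` would be safer. Reusing the name `TMPDIR` shadows the conventional environment variable; if it happens to be exported in the caller's environment, the relative path is inherited by the `gcc` invocations below, which consult `TMPDIR` for their own scratch files — a dedicated name such as `CONFIG_TMPDIR` avoids that, though this is inferred rather than visible here. The surrounding configure script continues past this hunk.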
diff --git a/iproute2-2.6.39-dhcp-client-script-dont-use-tmp.patch b/iproute2-2.6.39-dhcp-client-script-dont-use-tmp.patch
new file mode 100644
index 0000000..2145791
--- /dev/null
+++ b/iproute2-2.6.39-dhcp-client-script-dont-use-tmp.patch
@@ -0,0 +1,27 @@
+From 20ed7b24df05eadf83168d1d0ce0052a31380928 Mon Sep 17 00:00:00 2001
+From: Stephen Hemminger <shemminger at vyatta.com>
+Date: Wed, 15 Feb 2012 10:05:45 -0800
+Subject: [PATCH] dhcp-client-script: don't use /tmp
+
+/tmp is a dangerous place and better to put log files in /var/log.
+Based on patch by Vasiliy Kulikov <segoon at openwall.com>
+---
+ examples/dhcp-client-script |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/examples/dhcp-client-script b/examples/dhcp-client-script
+index 7207b57..f39bc10 100644
+--- a/examples/dhcp-client-script
++++ b/examples/dhcp-client-script
+@@ -14,7 +14,7 @@
+ # we should install and preserve.
+ #
+ 
+-exec >> /tmp/DHS.log 2>&1
++exec >> /var/log/DHS.log 2>&1
+ 
+ echo dhc-script $* reason=$reason
+ set | grep "^\(old_\|new_\|check_\)"
+-- 
+1.7.6.5
+

