author | Eric Hameleers <alien@slackware.com> | 2013-09-08 06:47:23 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2013-09-08 06:47:23 +0000 |
commit | 1965b8be8c954088c87cc7d64394fd6c370710f9 (patch) | |
tree | e17dabab869fdf2586b81b88ad10280411abb72e /current | |
parent | 98201e1a40e90a714de3cfd8ddfcafa4c574839a (diff) | |
Patched to remove pt_chown (fix for CVE-2013-2207)
Diffstat (limited to 'current')
-rwxr-xr-x | current/glibc/glibc-multilib.SlackBuild | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/current/glibc/glibc-multilib.SlackBuild b/current/glibc/glibc-multilib.SlackBuild index 4a96588..fc807fb 100755 --- a/current/glibc/glibc-multilib.SlackBuild +++ b/current/glibc/glibc-multilib.SlackBuild @@ -30,7 +30,7 @@ VERSION=${VERSION:-2.17} CHECKOUT=${CHECKOUT:-""} -BUILD=${BUILD:-5alien} +BUILD=${BUILD:-6alien} ## Included in glibc now: ## glibc-libidn version @@ -202,6 +202,15 @@ apply_patches() { # amounts of data to be sent to the targeted machine. May lead to a # crash. Considered low impact. zcat $CWD/glibc.CVE-2013-1914.diff.gz | patch -p1 --verbose || exit 1 + # Remove pt_chown by default, as it can be used for a local privilege + # escalation. However, although this is worth patching in the -current + # version, it requires a non-default (and known to weaken security) setting + # for FUSE. Additionally, the patch is not portable to older versions of + # glibc (but thanks Mancha for porting it to 2.17!). On older versions + # of glibc, making /usr/libexec/pt_chown a symlink to /bin/true will + # provide the same fix, if needed. But the insecure setting for FUSE + # probably opens up many other possible exploits and should be avoided. + zcat $CWD/glibc.CVE-2013-2207.diff.gz | patch -p1 --verbose || exit 1 if [ $BOOTSTRP -eq 1 ] ; then # Multilib - Disable check for forced unwind (Patch from eglibc) since we # do not have a multilib glibc yet to link to; |
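Review bot: The added `zcat $CWD/glibc.CVE-2013-2207.diff.gz | patch -p1 --verbose || exit 1` line in apply_patches() (second hunk) depends on a patch file that this change does not add: the diffstat for 'current' lists only glibc-multilib.SlackBuild, so glibc.CVE-2013-2207.diff.gz must already be present in $CWD or be committed alongside, otherwise the build stops at this step. The `|| exit 1` also tests only the exit status of `patch`, the last command in the pipeline, unless pipefail is enabled elsewhere in the script; checking that the file exists and is readable before the pipeline would make a missing patch fail with a clear message instead of relying on how `patch` handles empty input. On the comment block: the rationale for removing pt_chown in -current and the symlink-to-/bin/true workaround for older glibc are mixed together; since VERSION defaults to 2.17 here, the older-version workaround would read better as a short separate note, or in the commit message.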