This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] BZ #15755: CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal

From: Mike Frysinger <vapier at gentoo dot org>
To: libc-alpha at sourceware dot org
Cc: "Carlos O'Donell" <carlos at redhat dot com>, David Miller <davem at davemloft dot net>, Roland McGrath <roland at hack dot frob dot com>, Andreas Schwab <schwab at suse dot de>, Andreas Jaeger <aj at suse dot com>, "Joseph S. Myers" <joseph at codesourcery dot com>, Ryan Arnold <rsa at us dot ibm dot com>, Alexandre Oliva <aoliva at redhat dot com>, Siddhesh Poyarekar <siddhesh at redhat dot com>
Date: Sun, 25 Aug 2013 16:02:49 -0400
Subject: Re: [PATCH] BZ #15755: CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal
References: <51E8D4C1 dot 9000705 at redhat dot com> <201308250342 dot 28786 dot vapier at gentoo dot org>

On Sunday 25 August 2013 03:42:25 Mike Frysinger wrote:
> On Friday 19 July 2013 01:55:13 Carlos O'Donell wrote:
> > --- a/configure.in
> > +++ b/configure.in
> > @@ -353,6 +353,16 @@ AC_ARG_ENABLE([nscd],
> > 
> >  	      [use_nscd=$enableval],
> >  	      [use_nscd=yes])
> > 
> > +AC_ARG_ENABLE([pt_chown],
> > +	      [AS_HELP_STRING([--enable-pt_chown],
> > +	       [Enable building and installing pt_chown])],
> > +	      [build_pt_chown=$enableval],
> > +	      [build_pt_chown=no])
> > +AC_SUBST(build_pt_chown)
> > +if test $build_pt_chown = yes; then
> 
> the var expansion is missing quoting.  since it comes directly from the
> user, you could trigger bad behavior:
> 	./configure --enable-pt_chown='foo bar it'

committed as obvious
-mike

From 814b95406550ee01c02c79ca40e8e8f7f1635d42 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 25 Aug 2013 16:01:52 -0400
Subject: [PATCH] configure: add missing quotes in $build_pt_chown test

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
 ChangeLog    | 5 +++++
 configure    | 2 +-
 configure.in | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 42373ad..de2f3cc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-08-25  Mike Frysinger  <vapier@gentoo.org>
+
+	* configure.ac: Quote $build_pt_chown test.
+	* configure: Regenerated.
+
 2013-08-23  Joseph Myers  <joseph@codesourcery.com>
 
 	[BZ #15532]
diff --git a/configure b/configure
index 1ee4c42..afe7821 100755
--- a/configure
+++ b/configure
@@ -3722,7 +3722,7 @@ else
 fi
 
 
-if test $build_pt_chown = yes; then
+if test "$build_pt_chown" = yes; then
   $as_echo "#define HAVE_PT_CHOWN 1" >>confdefs.h
 
 fi
diff --git a/configure.in b/configure.in
index 769e8ef..9172ad1 100644
--- a/configure.in
+++ b/configure.in
@@ -359,7 +359,7 @@ AC_ARG_ENABLE([pt_chown],
 	      [build_pt_chown=$enableval],
 	      [build_pt_chown=no])
 AC_SUBST(build_pt_chown)
-if test $build_pt_chown = yes; then
+if test "$build_pt_chown" = yes; then
   AC_DEFINE(HAVE_PT_CHOWN)
 fi
 
-- 
1.8.3.2

Attachment: signature.asc
Description: This is a digitally signed message part.

Follow-Ups:
- Re: [PATCH] BZ #15755: CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal
  - From: Carlos O'Donell

References:
- Re: [PATCH] BZ #15755: CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal
  - From: Mike Frysinger

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]