Hi, I intent to upload an NMU to fix this bug. debdiff attached and archived on: http://people.debian.org/~nion/nmu-diff/hf-0.8-8_0.8-8.1.patch
Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u hf-0.8/debian/changelog hf-0.8/debian/changelog
--- hf-0.8/debian/changelog
+++ hf-0.8/debian/changelog
@@ -1,3 +1,12 @@
+hf (0.8-8.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix local root security hole that is caused by an insecure call
+ to the system function, thanks Steve Kemp for the patch
+ (CVE-2008-2378; Closes: #504182).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Wed, 05 Nov 2008 21:19:58 +0100
+
hf (0.8-8) unstable; urgency=low
* Remove asm/page.h include from util/reffreq.c. Closes: #479967.
only in patch2:
unchanged:
--- hf-0.8.orig/hfkernel/main.c
+++ hf-0.8/hfkernel/main.c
@@ -78,6 +78,11 @@
#include "alsa.h"
#endif /* HAVE_ALSA_ASOUNDLIB_H */
+#ifndef PID_FILE
+# define PID_FILE "/var/run/hfkernel.pid"
+#endif
+
+
/* --------------------------------------------------------------------- */
/* these variables take hfkernel's options */
@@ -154,6 +159,49 @@
}
}
+void kill_daemon()
+{
+ FILE *f;
+ int pid;
+
+ if (!(f = fopen (PID_FILE, "r")))
+ {
+ errstr( SEV_FATAL, "Failed to read from PID file");
+ exit(1);
+ }
+ fscanf (f, "%d", &pid);
+ fclose (f);
+
+ kill( SIGKILL, pid );
+ unlink( PID_FILE );
+ exit(1);
+}
+
+
+int write_pid()
+{
+ char buf[20];
+ int fd;
+ long pid;
+
+ if ((fd = open (PID_FILE, O_CREAT | O_TRUNC | O_WRONLY, 0600)) == -1)
+ {
+ errstr (SEV_FATAL, "cannot open pidfile for writing ");
+ exit(1);
+ }
+ else
+ {
+ pid = getpid ();
+ snprintf (buf, sizeof (buf), "%ld", (long) pid);
+ if (write (fd, buf, strlen (buf)) != strlen (buf))
+ {
+ errstr (SEV_FATAL, "cannot write to pidfile ");
+ exit(1);
+ }
+ close(fd);
+ }
+ return pid;
+}
/* --------------------------------------------------------------------- */
@@ -529,8 +577,8 @@
break;
case 'k':
- system ("killall hfkernel");
-
+ kill_daemon();
+ break;
case 'l':
logging = 1;
break;
@@ -635,6 +683,7 @@
exit(1);
}
+
if (logging)
openlog("hfkernel", LOG_PID, LOG_DAEMON);
printf("hfkernel %s starting...\n", PACKAGE_VERSION);
@@ -699,6 +748,8 @@
printf("Note: hfkernel is only part of the hf package.\n");
printf("It is controlled by the graphic terminal hfterm. To start them both, use the start script hf. In newer linuxes (kernel 2.6...) we need the syntax\n ÂŽLD_ASDSUME_KERNEL=2.2.5 hftermÂŽ, this is already prepared in the hf script. \n");
+ write_pid();
+
start_io_thread();
exit(0); }
pgpbDxy0OjLjd.pgp
Description: PGP signature
