Bug#598309: Security unblock requests (ust/0.7-2.1)

Jon Bernard Wed, 01 Dec 2010 09:39:24 -0800

* Julien Cristau <jcris...@debian.org> wrote:
> On Wed, Dec  1, 2010 at 11:52:00 -0500, Jon Bernard wrote:
> 
> > diff -Nru ust-0.5/debian/changelog ust-0.5/debian/changelog
> > --- ust-0.5/debian/changelog        2010-07-02 11:34:52.000000000 -0400
> > +++ ust-0.5/debian/changelog        2010-11-30 21:23:43.000000000 -0500
> > @@ -1,3 +1,9 @@
> > +ust (0.5-1+squeeze1) testing; urgency=low
> > +
> > +  * Backport upstream fix for CVE-2010-3386 (Bug #598309)
> 
> You should close the bug in the changelog.


Good call, I'll s/Bug/Closes:/ in the upload.

> > +
> > + -- Jon Bernard <jbern...@debian.org>  Tue, 30 Nov 2010 21:21:25 -0500
> > +
> >  ust (0.5-1) unstable; urgency=low
> >  
> >    * [79cd16] Imported Upstream version 0.5
> > diff -Nru 
> > ust-0.5/debian/patches/0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch
> >  
> > ust-0.5/debian/patches/0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch
> > --- 
> > ust-0.5/debian/patches/0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch
> >     1969-12-31 19:00:00.000000000 -0500
> > +++ 
> > ust-0.5/debian/patches/0001-Backport-upstream-fix-for-CVE-2010-3386-Bug-598309.patch
> >     2010-11-30 21:23:43.000000000 -0500
> > @@ -0,0 +1,84 @@
> > +From: Jon Bernard <jbern...@debian.org>
> > +Date: Tue, 30 Nov 2010 13:40:04 -0500
> > +Subject: [PATCH] Backport upstream fix for CVE-2010-3386 (Bug #598309)
> > +
> > +When there's an empty item on the colon-separated list of
> > +LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.) If the given
> > +script (usttrace) is executed from a directory where a potential, local,
> > +attacker can write files to, there's a chance to exploit this bug.
> > +
> > +This patch was applied upstream in version 0.8.
> > +---
> > + usttrace |   47 +++++++++++++++++++++++++++++++++++++----------
> > + 1 files changed, 37 insertions(+), 10 deletions(-)
> > +
> > +diff --git a/usttrace b/usttrace
> > +index dc159f2..5fdb52f 100755
> > +--- a/usttrace
> > ++++ b/usttrace
> > +@@ -132,27 +132,54 @@ fi
> > + 
> > +     if [ "$arg_preload_libust" = "1" ];
> > +     then
> > +-  if [ -n "${LIBUST_PATH%libust.so}" ] ; then
> > +-      export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}"
> > ++  if [ -n "${LIBUST_PATH%libust.so}" ];
> > ++  then
> > ++          if [ -n "$LD_LIBRARY_PATH" ];
> > ++          then
> > ++                  export 
> > LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}"
> > ++          else
> > ++                  export LD_LIBRARY_PATH="${LIBUST_PATH%libust.so}"
> > ++          fi
> > ++  fi
> > ++  if [ -n "$LIBUST_PATH" ];
> > ++  then
> > ++          if [ -n "$LD_PRELOAD" ];
> > ++          then
> > ++                  export LD_PRELOAD="$LD_PRELOAD:$LIBUST_PATH"
> > ++          else
> > ++                  export LD_PRELOAD="$LIBUST_PATH"
> > ++          fi
> > +   fi
> > +-  export LD_PRELOAD="$LD_PRELOAD:$LIBUST_PATH"
> > +     fi
> > + 
> > +-    if [ "$arg_ld_std_ust" = "1" ];
> > ++    if [ "$arg_ld_std_ust" = "1" ] && [ -n "${LIBUST_PATH%libust.so}" ];
> > +     then
> > +-  if [ -n "$${LIBUST_PATH%libust.so}" ] ; then
> > +-      export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}"
> > ++  if [ -n "$LD_LIBRARY_PATH" ];
> > ++  then
> > ++          export 
> > LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${LIBUST_PATH%libust.so}"
> > ++  else
> > ++          export LD_LIBRARY_PATH="${LIBUST_PATH%libust.so}"
> > +   fi
> > +     fi
> > + 
> > +-    if [ "$arg_preload_malloc" = "1" ];
> > ++    if [ "$arg_preload_malloc" = "1" ] && [ -n "$LIBMALLOCWRAP_PATH" ];
> > +     then
> > +-  export LD_PRELOAD="$LD_PRELOAD:$LIBMALLOCWRAP_PATH"
> > ++  if [ -n "$LD_PRELOAD" ];
> > ++  then
> > ++          export LD_PRELOAD="$LD_PRELOAD:$LIBMALLOCWRAP_PATH"
> > ++  else
> > ++          export LD_PRELOAD="$LIBMALLOCWRAP_PATH"
> > ++  fi
> > +     fi
> > + 
> > +-    if [ "$arg_preload_fork" = "1" ];
> > ++    if [ "$arg_preload_fork" = "1" ] && [ -n "$LIBINTERFORK_PATH" ];
> > +     then
> > +-  export LD_PRELOAD="$LD_PRELOAD:$LIBINTERFORK_PATH"
> > ++  if [ -n "$LD_PRELOAD" ];
> > ++  then
> > ++          export LD_PRELOAD="$LD_PRELOAD:$LIBINTERFORK_PATH"
> > ++  else
> > ++          export LD_PRELOAD="$LIBINTERFORK_PATH"
> > ++  fi
> > +     fi
> > + 
> > + # Execute the command
> > +-- 
> 
> The patch seems overly complicated, but I guess if that's what upstream
> went with it's ok...
> (e.g. LIBUST_PATH, LIBINTERFORK_PATH and LIBMALLOCWRAP_PATH can never be
> empty, as far as I can tell)

Yes, I agree. My thinking is that if another issue arises with the
package, at least it will contain code that upstream is familiar with.

Otherwise, no objections to upload?

-- 
Jon



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#598309: Security unblock requests (ust/0.7-2.1)

Reply via email to