r22342 - in /desktop/lenny/glib2.0/debian: changelog patches/13_permissions_CVE-2009-3289.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Sat Nov 14 15:20:45 UTC 2009
Author: joss
Date: Sat Nov 14 15:20:45 2009
New Revision: 22342
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=22342
Log:
* SECURITY: 13_permissions_CVE-2009-3289.patch:
+ The g_file_copy function in glib 2.0 sets the permissions of a
target file to the permissions of a symbolic link (777), which
allows user-assisted local users to modify files of other users,
as demonstrated by using Nautilus to modify the permissions of the
user home directory.
+ Concatenation of 3 upstream patches, fixes CVE-2009-3289.
Added:
desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch
Modified:
desktop/lenny/glib2.0/debian/changelog
desktop/lenny/glib2.0/debian/patches/series
Modified: desktop/lenny/glib2.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/glib2.0/debian/changelog?rev=22342&op=diff
==============================================================================
--- desktop/lenny/glib2.0/debian/changelog [utf-8] (original)
+++ desktop/lenny/glib2.0/debian/changelog [utf-8] Sat Nov 14 15:20:45 2009
@@ -1,3 +1,15 @@
+glib2.0 (2.16.6-3) stable; urgency=low
+
+ * SECURITY: 13_permissions_CVE-2009-3289.patch:
+ + The g_file_copy function in glib 2.0 sets the permissions of a
+ target file to the permissions of a symbolic link (777), which
+ allows user-assisted local users to modify files of other users,
+ as demonstrated by using Nautilus to modify the permissions of the
+ user home directory.
+ + Concatenation of 3 upstream patches, fixes CVE-2009-3289.
+
+ -- Josselin Mouette <joss at debian.org> Sat, 14 Nov 2009 16:19:20 +0100
+
glib2.0 (2.16.6-2) stable; urgency=low
* 10_gfile_set_error.patch: new patch. Fix crashes in gvfs caused by
Added: desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch?rev=22342&op=file
==============================================================================
--- desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch (added)
+++ desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch [utf-8] Sat Nov 14 15:20:45 2009
@@ -1,0 +1,67 @@
+GNOME #593406
+CVE-2009-3289
+Commits:
+ e695c0932f5d02f3b222f0b7a3de1f8c00ba7b81
+ bb7852e34b1845e516290e1b45a960a345ee8a43
+ 48e0af0157f52ac12b904bd92540432a18b139c7
+Index: glib-2.16.6/gio/glocalfileinfo.c
+===================================================================
+--- glib-2.16.6.orig/gio/glocalfileinfo.c 2009-11-14 16:11:15.034730393 +0100
++++ glib-2.16.6/gio/glocalfileinfo.c 2009-11-14 16:12:20.654726351 +0100
+@@ -1707,15 +1707,36 @@ get_byte_string (const GFileAttributeVal
+
+ static gboolean
+ set_unix_mode (char *filename,
++ GFileQueryInfoFlags flags,
+ const GFileAttributeValue *value,
+ GError **error)
+ {
+ guint32 val;
++ int res = 0;
+
+ if (!get_uint32 (value, &val, error))
+ return FALSE;
+-
+- if (g_chmod (filename, val) == -1)
++
++#ifdef HAVE_SYMLINK
++ if (flags & G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS) {
++ struct stat statbuf;
++ /* Calling chmod on a symlink changes permissions on the symlink.
++ * We don't want to do this, so we need to check for a symlink */
++ res = g_lstat (filename, &statbuf);
++ if (res == 0 && S_ISLNK (statbuf.st_mode))
++ {
++ g_set_error_literal (error, G_IO_ERROR,
++ G_IO_ERROR_NOT_SUPPORTED,
++ _("Cannot set permissions on symlinks"));
++ return FALSE;
++ }
++ }
++#endif
++
++ if (res == 0)
++ res = g_chmod (filename, val);
++
++ if (res == -1)
+ {
+ int errsv = errno;
+
+@@ -1962,7 +1983,7 @@ _g_local_file_info_set_attribute (char
+ _g_file_attribute_value_set_from_pointer (&value, type, value_p, FALSE);
+
+ if (strcmp (attribute, G_FILE_ATTRIBUTE_UNIX_MODE) == 0)
+- return set_unix_mode (filename, &value, error);
++ return set_unix_mode (filename, flags, &value, error);
+
+ #ifdef HAVE_CHOWN
+ else if (strcmp (attribute, G_FILE_ATTRIBUTE_UNIX_UID) == 0)
+@@ -2063,7 +2084,7 @@ _g_local_file_info_set_attributes (char
+ value = _g_file_info_get_attribute_value (info, G_FILE_ATTRIBUTE_UNIX_MODE);
+ if (value)
+ {
+- if (!set_unix_mode (filename, value, error))
++ if (!set_unix_mode (filename, flags, value, error))
+ {
+ value->status = G_FILE_ATTRIBUTE_STATUS_ERROR_SETTING;
+ res = FALSE;
Modified: desktop/lenny/glib2.0/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/glib2.0/debian/patches/series?rev=22342&op=diff
==============================================================================
--- desktop/lenny/glib2.0/debian/patches/series [utf-8] (original)
+++ desktop/lenny/glib2.0/debian/patches/series [utf-8] Sat Nov 14 15:20:45 2009
@@ -3,4 +3,5 @@
03_blacklist-directories.patch
10_gfile_set_error.patch
12_base64-overflow-CVE-2008-4316.patch
+13_permissions_CVE-2009-3289.patch
60_wait-longer-for-threads-to-die.patch
More information about the pkg-gnome-commits
mailing list