r22342 - in /desktop/lenny/glib2.0/debian: changelog patches/13_permissions_CVE-2009-3289.patch patches/series

Sat Nov 14 15:20:45 UTC 2009

Author: joss
Date: Sat Nov 14 15:20:45 2009
New Revision: 22342

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=22342
Log:
* SECURITY: 13_permissions_CVE-2009-3289.patch:
  + The g_file_copy function in glib 2.0 sets the permissions of a 
    target file to the permissions of a symbolic link (777), which 
    allows user-assisted local users to modify files of other users, 
    as demonstrated by using Nautilus to modify the permissions of the 
    user home directory.
  + Concatenation of 3 upstream patches, fixes CVE-2009-3289.

Added:
    desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch
Modified:
    desktop/lenny/glib2.0/debian/changelog
    desktop/lenny/glib2.0/debian/patches/series

Modified: desktop/lenny/glib2.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/glib2.0/debian/changelog?rev=22342&op=diff
==============================================================================

--- desktop/lenny/glib2.0/debian/changelog [utf-8] (original)
+++ desktop/lenny/glib2.0/debian/changelog [utf-8] Sat Nov 14 15:20:45 2009
@@ -1,3 +1,15 @@
+glib2.0 (2.16.6-3) stable; urgency=low
+
+  * SECURITY: 13_permissions_CVE-2009-3289.patch:
+    + The g_file_copy function in glib 2.0 sets the permissions of a 
+      target file to the permissions of a symbolic link (777), which 
+      allows user-assisted local users to modify files of other users, 
+      as demonstrated by using Nautilus to modify the permissions of the 
+      user home directory.
+    + Concatenation of 3 upstream patches, fixes CVE-2009-3289.
+
+ -- Josselin Mouette <joss at debian.org>  Sat, 14 Nov 2009 16:19:20 +0100
+
 glib2.0 (2.16.6-2) stable; urgency=low
 
   * 10_gfile_set_error.patch: new patch. Fix crashes in gvfs caused by 

Added: desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch?rev=22342&op=file
==============================================================================
--- desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch (added)
+++ desktop/lenny/glib2.0/debian/patches/13_permissions_CVE-2009-3289.patch [utf-8] Sat Nov 14 15:20:45 2009
@@ -1,0 +1,67 @@
+GNOME #593406
+CVE-2009-3289
+Commits:
+ e695c0932f5d02f3b222f0b7a3de1f8c00ba7b81
+ bb7852e34b1845e516290e1b45a960a345ee8a43
+ 48e0af0157f52ac12b904bd92540432a18b139c7
+Index: glib-2.16.6/gio/glocalfileinfo.c
+===================================================================
+--- glib-2.16.6.orig/gio/glocalfileinfo.c	2009-11-14 16:11:15.034730393 +0100
++++ glib-2.16.6/gio/glocalfileinfo.c	2009-11-14 16:12:20.654726351 +0100
+@@ -1707,15 +1707,36 @@ get_byte_string (const GFileAttributeVal
+ 
+ static gboolean
+ set_unix_mode (char                       *filename,
++               GFileQueryInfoFlags         flags,
+ 	       const GFileAttributeValue  *value,
+ 	       GError                    **error)
+ {
+   guint32 val;
++  int res = 0;
+   
+   if (!get_uint32 (value, &val, error))
+     return FALSE;
+-  
+-  if (g_chmod (filename, val) == -1)
++
++#ifdef HAVE_SYMLINK
++  if (flags & G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS) {
++    struct stat statbuf;
++    /* Calling chmod on a symlink changes permissions on the symlink.
++     * We don't want to do this, so we need to check for a symlink */
++    res = g_lstat (filename, &statbuf);
++    if (res == 0 && S_ISLNK (statbuf.st_mode))
++      {
++        g_set_error_literal (error, G_IO_ERROR,
++                             G_IO_ERROR_NOT_SUPPORTED,
++                             _("Cannot set permissions on symlinks"));
++        return FALSE;
++      }
++  }
++#endif
++
++  if (res == 0)
++    res = g_chmod (filename, val);
++
++  if (res == -1)
+     {
+       int errsv = errno;
+ 
+@@ -1962,7 +1983,7 @@ _g_local_file_info_set_attribute (char  
+   _g_file_attribute_value_set_from_pointer (&value, type, value_p, FALSE);
+   
+   if (strcmp (attribute, G_FILE_ATTRIBUTE_UNIX_MODE) == 0)
+-    return set_unix_mode (filename, &value, error);
++    return set_unix_mode (filename, flags, &value, error);
+   
+ #ifdef HAVE_CHOWN
+   else if (strcmp (attribute, G_FILE_ATTRIBUTE_UNIX_UID) == 0)
+@@ -2063,7 +2084,7 @@ _g_local_file_info_set_attributes  (char
+   value = _g_file_info_get_attribute_value (info, G_FILE_ATTRIBUTE_UNIX_MODE);
+   if (value)
+     {
+-      if (!set_unix_mode (filename, value, error))
++      if (!set_unix_mode (filename, flags, value, error))
+ 	{
+ 	  value->status = G_FILE_ATTRIBUTE_STATUS_ERROR_SETTING;
+ 	  res = FALSE;

Modified: desktop/lenny/glib2.0/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/glib2.0/debian/patches/series?rev=22342&op=diff
==============================================================================
--- desktop/lenny/glib2.0/debian/patches/series [utf-8] (original)
+++ desktop/lenny/glib2.0/debian/patches/series [utf-8] Sat Nov 14 15:20:45 2009
@@ -3,4 +3,5 @@
 03_blacklist-directories.patch
 10_gfile_set_error.patch
 12_base64-overflow-CVE-2008-4316.patch
+13_permissions_CVE-2009-3289.patch
 60_wait-longer-for-threads-to-die.patch


