
Revision 8d0550e4

Added by Alexis Mousset over 6 years ago

Fixes #11288: Upgrade agent to CFEngine 3.10.2


rudder-agent/SOURCES/Makefile
RUDDER_VERSION_TO_PACKAGE = <put Rudder version or version-snapshot here>
RUDDER_MAJOR_VERSION := $(shell echo ${RUDDER_VERSION_TO_PACKAGE} | cut -d'.' -f 1-2)
CFENGINE_RELEASE = 3.10.0
CFENGINE_RELEASE = 3.10.2
FUSION_RELEASE = 2.3.19
LMDB_RELEASE = 0.9.18
OPENSSL_RELEASE = 1.0.2l
rudder-agent/SOURCES/patches/cfengine/31-fix-symlink-traversal.patch
diff -upr cfengine-a/libutils/file_lib.c cfengine-b/libutils/file_lib.c
--- cfengine-a/libutils/file_lib.c 2016-11-01 08:47:08.000000000 +0100
+++ cfengine-b/libutils/file_lib.c 2016-11-25 18:21:44.163553332 +0100
@@ -387,6 +387,7 @@ int safe_open(const char *pathname, int
bool trunc = false;
const int orig_flags = flags;
char *next_component = path;
+ bool p_uid;
if (*next_component == '/')
{
@@ -408,6 +409,9 @@ int safe_open(const char *pathname, int
return -1;
}
+ // current process user id
+ p_uid = geteuid();
+
size_t final_size = (size_t) -1;
while (next_component)
{
@@ -558,8 +562,13 @@ int safe_open(const char *pathname, int
close(currentfd);
return -1;
}
- if (stat_before.st_uid != stat_after.st_uid ||
- stat_before.st_gid != stat_after.st_gid)
+ // The probable logic behind the user matching test is that some attacks use symlink creation to exploit a race condition
+ // This attack is not useful if the symlink has been created by root
+ // This attack is not useful if the process's user is the owner of the symlink
+ // As everyone use symlink for server administration, we reenable those cases.
+ if ( stat_before.st_uid != 0 &&
+ stat_before.st_uid != p_uid &&
+ (stat_before.st_uid != stat_after.st_uid || stat_before.st_gid != stat_after.st_gid) )
{
close(currentfd);
// Return ENOLINK to signal that the link cannot be followed
@@ -736,6 +745,7 @@ static int safe_open_true_parent_dir(con
char *parent_dir = dirname(parent_dir_alloc);
char *leaf = basename(leaf_alloc);
struct stat statbuf;
+ uid_t p_uid = geteuid();
if ((dirfd = safe_open(parent_dir, O_RDONLY)) == -1)
{
@@ -747,7 +757,14 @@ static int safe_open_true_parent_dir(con
goto cleanup;
}
- if (traversed_link && (link_user != statbuf.st_uid || link_group != statbuf.st_gid))
+ // The probable logic behind the user matching test is that some attacks use symlink creation to exploit a race condition
+ // This attack is not useful if the symlink has been created by root
+ // This attack is not useful if the process's user is the owner of the symlink
+ // As everyone use symlink for server administration, we reenable those cases.
+ if ( traversed_link &&
+ link_user != 0 &&
+ link_user != p_uid &&
+ (link_user != statbuf.st_uid || link_group != statbuf.st_gid) )
{
errno = ENOLINK;
ret = -1;
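Review bot: In the safe_open hunks of this patch, `p_uid` is declared as `bool p_uid;` and then assigned `geteuid()`, so the effective uid collapses to 0 or 1 and `stat_before.st_uid != p_uid` compares the link owner against uid 1 for any non-root process instead of against the process's own user. Declare it as `uid_t p_uid;`, matching the `uid_t p_uid = geteuid();` already used in the safe_open_true_parent_dir hunk. As written, a non-root caller would skip the owner-change check for links owned by uid 1 and still reject links it owns itself, which is the opposite of what the added comment describes. Because both hunks relax a symlink-race hardening check (the gid comparison is skipped in the exempted cases too), the comment should state the trust assumption explicitly rather than "the probable logic", for example `// Links owned by root or by the effective uid are trusted; owner/group change is only enforced for other owners`. Both function bodies continue outside the hunks shown.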
rudder-agent/SOURCES/patches/cfengine/50-build-with-pcre.patch
diff -ruN cfengine-source/cf-key/Makefile.am cfengine-source.new/cf-key/Makefile.am
--- cfengine-source/cf-key/Makefile.am 2016-11-01 08:47:08.000000000 +0100
+++ cfengine-source.new/cf-key/Makefile.am 2016-12-01 16:24:37.521436465 +0100
@@ -28,10 +28,12 @@
-I$(srcdir)/../libutils \
-I$(srcdir)/../libcfnet \
-I$(srcdir)/../libpromises \
+ $(PCRE_CPPFLAGS) \
$(ENTERPRISE_CPPFLAGS)
AM_CFLAGS = \
$(OPENSSL_CFLAGS) \
+ $(PCRE_CFLAGS) \
$(ENTERPRISE_CFLAGS)
libcf_key_la_SOURCES = \
diff -ruN cfengine-source/cf-key/Makefile.in cfengine-source.new/cf-key/Makefile.in
--- cfengine-source/cf-key/Makefile.in 2016-11-01 08:47:50.000000000 +0100
+++ cfengine-source.new/cf-key/Makefile.in 2016-12-01 16:25:02.017436542 +0100
@@ -427,10 +427,12 @@
-I$(srcdir)/../libutils \
-I$(srcdir)/../libcfnet \
-I$(srcdir)/../libpromises \
+ $(PCRE_CPPFLAGS) \
$(ENTERPRISE_CPPFLAGS)
AM_CFLAGS = \
$(OPENSSL_CFLAGS) \
+ $(PCRE_CFLAGS) \
$(ENTERPRISE_CFLAGS)
libcf_key_la_SOURCES = \
