gnu: rush: Fix CVE-2013-6889.

* gnu/packages/patches/rush-CVE-2013-6889.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/rush.scm (rush): Use it.
This commit is contained in:
Ludovic Courtès 2016-05-26 22:51:12 +02:00
parent f01c461994
commit 2ca55f939c
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
3 changed files with 27 additions and 2 deletions

View File

@ -717,6 +717,7 @@ dist_patch_DATA = \
%D%/packages/patches/ripperx-missing-file.patch \
%D%/packages/patches/rsem-makefile.patch \
%D%/packages/patches/ruby-symlinkfix.patch \
%D%/packages/patches/rush-CVE-2013-6889.patch \
%D%/packages/patches/sed-hurd-path-max.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \

View File

@ -0,0 +1,23 @@
commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
Author: Mats Erik Andersson <gnu@gisladisker.se>
Date: Mon Jan 20 13:33:52 2014 +0200
Protect against CVE-2013-6889 (tiny change).
Reset the effective user identification in testing mode.
diff --git a/src/rush.c b/src/rush.c
index 45d737a..dc6518e 100644
--- a/src/rush.c
+++ b/src/rush.c
@@ -980,6 +980,10 @@ main(int argc, char **argv)
} else if (argc > optind)
die(usage_error, NULL, _("invalid command line"));
+ /* Relinquish root privileges in test mode */
+ if (lint_option)
+ setuid(getuid());
+
if (test_user_name) {
struct passwd *pw = getpwnam(test_user_name);
if (!pw)

View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -36,7 +36,8 @@
(sha256
(base32
"0fh0gbbp0iiq3wbkf503xb40r8ljk42vyj9bnlflbz82d6ipy1rm"))
(patches (search-patches "cpio-gets-undeclared.patch"))))
(patches (search-patches "cpio-gets-undeclared.patch"
"rush-CVE-2013-6889.patch"))))
(build-system gnu-build-system)
(home-page "http://www.gnu.org/software/rush/")
(synopsis "Restricted user (login) shell")