path: root/meta-networking/recipes-protocols/quagga/files/CVE-2021-44038.patch
blob: bdb48a39936e01f6a505d137d991e1a80f593d41 (plain)
From b2484f4df6414a6b3dd68b4069b79279c746cc27 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Fri Nov 11 09:07:22 UTC 2022
Subject: [PATCH] quagga: unsafe chown/chmod operations may lead to privileges escalation

Reference: https://bugzilla.suse.com/show_bug.cgi?id=1191890

Patch taken from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch

CVE: CVE-2021-44038
Signed-off-by: Marius Tomaschewski <mt@suse.com>
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 redhat/bgpd.service   | 2 --
 redhat/isisd.service  | 2 --
 redhat/ospf6d.service | 2 --
 redhat/ospfd.service  | 2 --
 redhat/ripd.service   | 2 --
 redhat/ripngd.service | 2 --
 redhat/zebra.service  | 3 ---
 7 files changed, 15 deletions(-)

diff --git a/redhat/bgpd.service b/redhat/bgpd.service
index a50bfff..6f46a97 100644
--- a/redhat/bgpd.service
+++ b/redhat/bgpd.service
@@ -10,8 +10,6 @@ Documentation=man:bgpd
 [Service]
 Type=forking
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/bgpd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/bgpd.conf
 ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf
 Restart=on-abort
 
diff --git a/redhat/isisd.service b/redhat/isisd.service
index 93663aa..c1464c0 100644
--- a/redhat/isisd.service
+++ b/redhat/isisd.service
@@ -10,8 +10,6 @@ Documentation=man:isisd
 [Service]
 Type=forking
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/isisd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/isisd.conf
 ExecStart=/usr/sbin/isisd -d $ISISD_OPTS -f /etc/quagga/isisd.conf
 Restart=on-abort
 
diff --git a/redhat/ospf6d.service b/redhat/ospf6d.service
index 3c1c978..d493429 100644
--- a/redhat/ospf6d.service
+++ b/redhat/ospf6d.service
@@ -10,8 +10,6 @@ Documentation=man:ospf6d
 [Service]
 Type=forking
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospf6d.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ospf6d.conf
 ExecStart=/usr/sbin/ospf6d -d $OSPF6D_OPTS -f /etc/quagga/ospf6d.conf
 Restart=on-abort
 
diff --git a/redhat/ospfd.service b/redhat/ospfd.service
index 0084b6c..6c84580 100644
--- a/redhat/ospfd.service
+++ b/redhat/ospfd.service
@@ -10,8 +10,6 @@ Documentation=man:ospfd
 [Service]
 Type=forking
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospfd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ospfd.conf
 ExecStart=/usr/sbin/ospfd -d $OSPFD_OPTS -f /etc/quagga/ospfd.conf
 Restart=on-abort
 
diff --git a/redhat/ripd.service b/redhat/ripd.service
index 103b5a9..be0f75c 100644
--- a/redhat/ripd.service
+++ b/redhat/ripd.service
@@ -10,8 +10,6 @@ Documentation=man:ripd
 [Service]
 Type=forking
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ripd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ripd.conf
 ExecStart=/usr/sbin/ripd -d $RIPD_OPTS -f /etc/quagga/ripd.conf
 Restart=on-abort
 
diff --git a/redhat/ripngd.service b/redhat/ripngd.service
index 6fe6ba8..23447da 100644
--- a/redhat/ripngd.service
+++ b/redhat/ripngd.service
@@ -10,8 +10,6 @@ Documentation=man:ripngd
 [Service]
 Type=forking
 EnvironmentFile=/etc/sysconfig/quagga
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ripngd.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /etc/quagga/ripngd.conf
 ExecStart=/usr/sbin/ripngd -d $RIPNGD_OPTS -f /etc/quagga/ripngd.conf
 Restart=on-abort
 
diff --git a/redhat/zebra.service b/redhat/zebra.service
index fa5a004..e3cf0ab 100644
--- a/redhat/zebra.service
+++ b/redhat/zebra.service
@@ -10,9 +10,6 @@ Documentation=man:zebra
 Type=forking
 EnvironmentFile=-/etc/sysconfig/quagga
 ExecStartPre=/sbin/ip route flush proto zebra
-ExecStartPre=-/bin/chmod -f 640 /etc/quagga/vtysh.conf /etc/quagga/zebra.conf
-ExecStartPre=-/bin/chown -f $QUAGGA_USER:$QUAGGA_GROUP /run/quagga /etc/quagga/zebra.conf
-ExecStartPre=-/bin/chown -f ${QUAGGA_USER}${VTY_GROUP:+":$VTY_GROUP"} quaggavty /etc/quagga/vtysh.conf
 ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf
 Restart=on-abort
 
-- 
2.25.1