public inbox for systemtap-cvs@sourceware.org help / color / mirror / Atom feed
From: fche@sourceware.org To: systemtap-cvs@sourceware.org Subject: [SCM] systemtap: system-wide probe/trace tool branch, master, updated. release-1.3-297-gb7565b4 Date: Wed, 17 Nov 2010 15:01:00 -0000 [thread overview] Message-ID: <20101117150107.9618.qmail@sourceware.org> (raw) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "systemtap: system-wide probe/trace tool". The branch, master has been updated via b7565b41228bea196cefa3a7d43ab67f8f9152e2 (commit) from b09417add4f6371f30515c318fe2fdeeb0c20ac1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b7565b41228bea196cefa3a7d43ab67f8f9152e2 Author: Frank Ch. Eigler <fche@elastic.org> Date: Wed Nov 17 09:57:23 2010 -0500 CVE-2010-4170, CVE-2010-4171: staprun module loading/unloading security fixes We would like to thank Tavis Ormandy for reporting this issue. * runtime/staprun/staprun.c (enable_uprobes): Don't run /sbin/modprobe directly, since it takes more inputs than we have tried to sanitize. (remove_module): Call init_ctl_channel on putative stap module name, to check that it's our own stap module. (init_staprun): Do remove/retry via remove_module rather than underchecked delete_module(2). * runtime/staprun/ctl.c (init_ctl_channel): Check ownership of .ctl files, to preclude manipulation of some other stapusr member's modules. * runtime/staprun/Makefile.am, systemtap.spec: Install staprun as mode 04110, group stapusr. * README.security, runtime/staprun/staprun.8: Note new stapdev/stapusr joint requirements. ----------------------------------------------------------------------- Summary of changes: README.security | 6 +++--- runtime/staprun/Makefile.am | 5 ++++- runtime/staprun/Makefile.in | 10 ++++++---- runtime/staprun/ctl.c | 3 +++ runtime/staprun/staprun.8 | 8 ++++---- runtime/staprun/staprun.c | 29 ++++++++++++----------------- systemtap.spec | 6 +++--- 7 files changed, 35 insertions(+), 32 deletions(-) hooks/post-receive -- systemtap: system-wide probe/trace tool
reply other threads:[~2010-11-17 15:01 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20101117150107.9618.qmail@sourceware.org \ --to=fche@sourceware.org \ --cc=systemtap-cvs@sourceware.org \ --cc=systemtap@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).