public inbox for systemtap-cvs@sourceware.org
* [SCM] systemtap: system-wide probe/trace tool branch, master, updated. release-1.3-297-gb7565b4
@ 2010-11-17 15:01 fche
From: fche @ 2010-11-17 15:01 UTC
  To: systemtap-cvs

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "systemtap: system-wide probe/trace tool".

The branch, master has been updated
       via  b7565b41228bea196cefa3a7d43ab67f8f9152e2 (commit)
      from  b09417add4f6371f30515c318fe2fdeeb0c20ac1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b7565b41228bea196cefa3a7d43ab67f8f9152e2
Author: Frank Ch. Eigler <fche@elastic.org>
Date:   Wed Nov 17 09:57:23 2010 -0500

    CVE-2010-4170, CVE-2010-4171: staprun module loading/unloading security fixes
    
    We would like to thank Tavis Ormandy for reporting this issue.
    
    * runtime/staprun/staprun.c (enable_uprobes): Don't run /sbin/modprobe
      directly, since it takes more inputs than we have tried to sanitize.
      (remove_module): Call init_ctl_channel on putative stap module name,
      to check that it's our own stap module.
      (init_staprun): Do remove/retry via remove_module rather than
      underchecked delete_module(2).
    * runtime/staprun/ctl.c (init_ctl_channel): Check ownership of
      .ctl files, to preclude manipulation of some other stapusr member's modules.
    * runtime/staprun/Makefile.am, systemtap.spec: Install staprun as
      mode 04110, group stapusr.
    * README.security, runtime/staprun/staprun.8: Note new stapdev/stapusr
      joint requirements.

-----------------------------------------------------------------------

Summary of changes:
 README.security             |    6 +++---
 runtime/staprun/Makefile.am |    5 ++++-
 runtime/staprun/Makefile.in |   10 ++++++----
 runtime/staprun/ctl.c       |    3 +++
 runtime/staprun/staprun.8   |    8 ++++----
 runtime/staprun/staprun.c   |   29 ++++++++++++-----------------
 systemtap.spec              |    6 +++---
 7 files changed, 35 insertions(+), 32 deletions(-)


hooks/post-receive
--
systemtap: system-wide probe/trace tool
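
The commit message above has init_ctl_channel check ownership of .ctl files so that one stapusr member cannot act on another member's module. The following is an added example (not SystemTap's code, and not necessarily how the commit implements the check) of one way a setuid program can make such a check in C; the helper name `open_owned_ctl` and the choice of `fstat()` on the opened descriptor are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a control file only if `owner` owns it.
 * Returns an open descriptor, or -1 with errno set. */
int open_owned_ctl(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink planted as the final path component. */
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the object that was checked
     * is the object that gets used even if the path is swapped afterwards. */
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (st.st_uid != owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <ctl-file>\n", argv[0]);
        return EXIT_FAILURE;
    }
    /* In a setuid binary getuid() is the real (invoking) user, which is
     * the identity the ownership comparison has to use. */
    int fd = open_owned_ctl(argv[1], getuid());
    if (fd < 0) { perror(argv[1]); return EXIT_FAILURE; }
    puts("control file is owned by the invoking user");
    close(fd);
    return EXIT_SUCCESS;
}
```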
