From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <systemtap-cvs-return-6118-listarch-systemtap-cvs=sources.redhat.com@sourceware.org>
Received: (qmail 9662 invoked by alias); 17 Nov 2010 15:01:09 -0000
Received: (qmail 9630 invoked by uid 426); 17 Nov 2010 15:01:07 -0000
Date: Wed, 17 Nov 2010 15:01:00 -0000
Message-ID: <20101117150107.9618.qmail@sourceware.org>
From: fche@sourceware.org
To: systemtap-cvs@sourceware.org
Subject: [SCM] systemtap: system-wide probe/trace tool branch, master, updated. release-1.3-297-gb7565b4
X-Git-Refname: refs/heads/master
X-Git-Reftype: branch
X-Git-Oldrev: b09417add4f6371f30515c318fe2fdeeb0c20ac1
X-Git-Newrev: b7565b41228bea196cefa3a7d43ab67f8f9152e2
Mailing-List: contact systemtap-cvs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <systemtap-cvs.sourceware.org>
List-Subscribe: <mailto:systemtap-cvs-subscribe@sourceware.org>
List-Post: <mailto:systemtap-cvs@sourceware.org>
List-Help: <mailto:systemtap-cvs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: systemtap-cvs-owner@sourceware.org
List-Archive: <http://sourceware.org/ml/systemtap-cvs/>
Reply-To: systemtap@sourceware.org
X-SW-Source: 2010-q4/txt/msg00081.txt.bz2

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "systemtap: system-wide probe/trace tool".

The branch, master has been updated
       via  b7565b41228bea196cefa3a7d43ab67f8f9152e2 (commit)
      from  b09417add4f6371f30515c318fe2fdeeb0c20ac1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b7565b41228bea196cefa3a7d43ab67f8f9152e2
Author: Frank Ch. Eigler <fche@elastic.org>
Date:   Wed Nov 17 09:57:23 2010 -0500

    CVE-2010-4170, CVE-2010-4171: staprun module loading/unloading security fixes
    
    We would like to thank Tavis Ormandy for reporting this issue.
    
    * runtime/staprun/staprun.c (enable_uprobes): Don't run /sbin/modprobe
      directly, since it takes more inputs than we have tried to sanitize.
      (remove_module): Call init_ctl_channel on putative stap module name,
      to check that it's our own stap module.
      (init_staprun): Do remove/retry via remove_module rather than
      underchecked delete_module(2).
    * runtime/staprun/ctl.c (init_ctl_channel): Check ownership of
      .ctl files, to preclude manipulation of some other stapusr member's modules.
    * runtime/staprun/Makefile.am, systemtap.spec: Install staprun as
      mode 04110, group stapusr.
    * README.security, runtime/staprun/staprun.8: Note new stapdev/stapusr
      joint requirements.

-----------------------------------------------------------------------

Summary of changes:
 README.security             |    6 +++---
 runtime/staprun/Makefile.am |    5 ++++-
 runtime/staprun/Makefile.in |   10 ++++++----
 runtime/staprun/ctl.c       |    3 +++
 runtime/staprun/staprun.8   |    8 ++++----
 runtime/staprun/staprun.c   |   29 ++++++++++++-----------------
 systemtap.spec              |    6 +++---
 7 files changed, 35 insertions(+), 32 deletions(-)


hooks/post-receive
--
systemtap: system-wide probe/trace tool