unofficial mirror of guix-devel@gnu.org 
blob f095a44afb032ab47cc6631076c88a1297463502 1031 bytes (raw)
name: gnu/packages/patches/xinetd-CVE-2013-4342.patch 	 # note: path name is non-authoritative(*)

From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001
From: Thomas Swan <thomas.swan@gmail.com>
Date: Wed, 2 Oct 2013 23:17:17 -0500
Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for
 TCPMUX services

Originally reported to Debian in 2005 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678> and rediscovered <https://bugzilla.redhat.com/show_bug.cgi?id=1006100>, xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root).
---
 xinetd/builtins.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xinetd/builtins.c b/xinetd/builtins.c
index 3b85579..34a5bac 100644
--- a/xinetd/builtins.c
+++ b/xinetd/builtins.c
@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
    if( SC_IS_INTERNAL( scp ) ) {
       SC_INTERNAL(scp, nserp);
    } else {
-      exec_server(nserp);
+      child_process(nserp);
    }
 }
 
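Review bot: The else branch of tcpmux_handler() carries no comment explaining why the call has to be child_process(nserp), so the one-word difference from exec_server(nserp) reads as an interchangeable choice and is easy to revert in a later cleanup. Per the commit message, the direct exec_server() call is what let TCPMUX services run with the privilege of the xinetd process (root) instead of the configured user and group; a short comment above the call saying that non-internal TCPMUX services must go through child_process() for that reason would document the intent. The patch also carries no test: a check that a TCPMUX service configured with a non-root user actually runs as that user would guard the fix against regression.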
-- 
2.7.4


debug log:

solving f095a44 ...
found f095a44 in https://yhetil.org/guix-devel/20170131.084916.1061110240342484370.post@thomasdanckaert.be/

applying [1/1] https://yhetil.org/guix-devel/20170131.084916.1061110240342484370.post@thomasdanckaert.be/
diff --git a/gnu/packages/patches/xinetd-CVE-2013-4342.patch b/gnu/packages/patches/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000..f095a44

1:30: trailing whitespace.
 
1:31: trailing whitespace.
-- 
Checking patch gnu/packages/patches/xinetd-CVE-2013-4342.patch...
1:33: new blank line at EOF.
+
Applied patch gnu/packages/patches/xinetd-CVE-2013-4342.patch cleanly.
warning: 3 lines add whitespace errors.

index at:
100644 f095a44afb032ab47cc6631076c88a1297463502	gnu/packages/patches/xinetd-CVE-2013-4342.patch

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.