[Bug 1122510] [NEW] Upstart does not handle configure's exec_prefix correctly

Kees Cook kees at ubuntu.com
Mon Feb 11 23:01:47 UTC 2013 

*** This bug is a security vulnerability ***

Public security bug reported:

If --exec_prefix is not defined during "configure", this code:

# Other checks
AC_MSG_CHECKING([whether to include sbindir in PATH])
eval upstart_sbindir=\"$sbindir\"
case $upstart_sbindir in
    /sbin|//sbin|/usr/sbin|/usr/local/sbin)
        AC_MSG_RESULT([no])
        ;;
    *)
        AC_MSG_RESULT([yes])
        AC_DEFINE_UNQUOTED([EXTRA_PATH], ["$upstart_sbindir"],
                           [Directory to append to path.])
        ;;
esac

will result in appending "NONE/sbin" to the PATH by default. This is a
dangerous condition, and should never happen. Ubuntu builds around this
by using "--exec_prefix=" to clear it, but Upstart itself should handle
the "NONE" condition correctly to avoid this for other distros that
don't happen to notice.

** Affects: upstart (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/1122510

Title:
  Upstart does not handle configure's exec_prefix correctly

Status in “upstart” package in Ubuntu:
  New

Bug description:
  If --exec_prefix is not defined during "configure", this code:

  # Other checks
  AC_MSG_CHECKING([whether to include sbindir in PATH])
  eval upstart_sbindir=\"$sbindir\"
  case $upstart_sbindir in
      /sbin|//sbin|/usr/sbin|/usr/local/sbin)
          AC_MSG_RESULT([no])
          ;;
      *)
          AC_MSG_RESULT([yes])
          AC_DEFINE_UNQUOTED([EXTRA_PATH], ["$upstart_sbindir"],
                             [Directory to append to path.])
          ;;
  esac

  will result in appending "NONE/sbin" to the PATH by default. This is a
  dangerous condition, and should never happen. Ubuntu builds around
  this by using "--exec_prefix=" to clear it, but Upstart itself should
  handle the "NONE" condition correctly to avoid this for other distros
  that don't happen to notice.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1122510/+subscriptions

More information about the foundations-bugs mailing list