Ack: [quantal CVE 1/1] UBUNTU: [Packaging] supply perf with appropriate prefix to ensure use of local config
Brad Figg
brad.figg at canonical.com
Thu Aug 1 07:33:10 UTC 2013
On 07/31/2013 07:09 PM, Andy Whitcroft wrote:
> If we do not supply an installation prefix when we are building perf
> it will assume it is designed to run relative to the builders HOME.
> This means that as built on a buildd we will check for the system
> configuration relative to the buildd users home rather than in /etc.
> This implies a local user could use this to compromise other users _if_
> there is a buildd user installed on the system and they have access to it.
>
> CVE-2013-1060
> BugLink: http://bugs.launchpad.net/bugs/1206200
> Signed-off-by: Andy Whitcroft <apw at canonical.com>
> ---
> debian/rules.d/2-binary-arch.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
> index 23367bb..7a04bcb 100644
> --- a/debian/rules.d/2-binary-arch.mk
> +++ b/debian/rules.d/2-binary-arch.mk
> @@ -440,7 +440,7 @@ $(stampdir)/stamp-build-perarch: $(stampdir)/stamp-prepare-perarch
> @echo Debug: $@
> ifeq ($(do_tools),true)
> cd $(builddirpa)/tools/perf && \
> - make HAVE_CPLUS_DEMANGLE=1 CROSS_COMPILE=$(CROSS_COMPILE)
> + make prefix=/usr HAVE_CPLUS_DEMANGLE=1 CROSS_COMPILE=$(CROSS_COMPILE)
> if [ "$(arch)" = "amd64" ] || [ "$(arch)" = "i386" ]; then \
> cd $(builddirpa)/tools/power/x86/x86_energy_perf_policy && make CROSS_COMPILE=$(CROSS_COMPILE); \
> cd $(builddirpa)/tools/power/x86/turbostat && make CROSS_COMPILE=$(CROSS_COMPILE); \
>
--
Brad Figg brad.figg at canonical.com http://www.canonical.com
More information about the kernel-team
mailing list