Patchwork [lucid/fsl-imx51,maverick,maverick/ti-omap4,natty,natty/ti-omap4,CVE,1/1] perf tools: do not look at ./config for configuration

From: Jonathan Nieder <jrnieder@gmail.com>

In addition to /etc/perfconfig and $HOME/.perfconfig, perf looks for
configuration in the file ./config, imitating git which looks at
$GIT_DIR/config.  If ./config is not a perf configuration file, it
fails, or worse, treats it as a configuration file and changes behavior
in some unexpected way.

"config" is not an unusual name for a file to be lying around and perf
does not have a private directory dedicated for its own use, so let's
just stop looking for configuration in the cwd.  Callers needing
context-sensitive configuration can use the PERF_CONFIG environment
variable.

Requested-by: Christian Ohm <chr.ohm@gmx.net>
Cc: 632923@bugs.debian.org
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Christian Ohm <chr.ohm@gmx.net>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Link: http://lkml.kernel.org/r/20110805165838.GA7237@elie.gateway.2wire.net
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

(cherry picked from commit aba8d056078e47350d85b06a9cabd5afcc4b72ea)
CVE-2011-2905
BugLink: http://bugs.launchpad.net/bugs/869259
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 tools/perf/util/config.c |    7 -------
 1 files changed, 0 insertions(+), 7 deletions(-)

On Fri, Oct 07, 2011 at 06:55:37PM +0100, Andy Whitcroft wrote:
> From: Jonathan Nieder <jrnieder@gmail.com>
> 
> In addition to /etc/perfconfig and $HOME/.perfconfig, perf looks for
> configuration in the file ./config, imitating git which looks at
> $GIT_DIR/config.  If ./config is not a perf configuration file, it
> fails, or worse, treats it as a configuration file and changes behavior
> in some unexpected way.
> 
> "config" is not an unusual name for a file to be lying around and perf
> does not have a private directory dedicated for its own use, so let's
> just stop looking for configuration in the cwd.  Callers needing
> context-sensitive configuration can use the PERF_CONFIG environment
> variable.
> 
> Requested-by: Christian Ohm <chr.ohm@gmx.net>
> Cc: 632923@bugs.debian.org
> Cc: Ben Hutchings <ben@decadent.org.uk>
> Cc: Christian Ohm <chr.ohm@gmx.net>
> Cc: Ingo Molnar <mingo@elte.hu>
> Cc: Paul Mackerras <paulus@samba.org>
> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
> Link: http://lkml.kernel.org/r/20110805165838.GA7237@elie.gateway.2wire.net
> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
> 
> (cherry picked from commit aba8d056078e47350d85b06a9cabd5afcc4b72ea)
> CVE-2011-2905
> BugLink: http://bugs.launchpad.net/bugs/869259
> Signed-off-by: Andy Whitcroft <apw@canonical.com>
> ---
>  tools/perf/util/config.c |    7 -------
>  1 files changed, 0 insertions(+), 7 deletions(-)
> 
> diff --git a/tools/perf/util/config.c b/tools/perf/util/config.c
> index 780df54..07a212e 100644
> --- a/tools/perf/util/config.c
> +++ b/tools/perf/util/config.c
> @@ -415,7 +415,6 @@ int perf_config_global(void)
>  int perf_config(config_fn_t fn, void *data)
>  {
>  	int ret = 0, found = 0;
> -	char *repo_config = NULL;
>  	const char *home = NULL;
>  
>  	/* Setting $PERF_CONFIG makes perf read _only_ the given config file. */
> @@ -437,12 +436,6 @@ int perf_config(config_fn_t fn, void *data)
>  		free(user_config);
>  	}
>  
> -	repo_config = perf_pathdup("config");
> -	if (!access(repo_config, R_OK)) {
> -		ret += perf_config_from_file(fn, repo_config, data);
> -		found += 1;
> -	}
> -	free(repo_config);
>  	if (found == 0)
>  		return -1;
>  	return ret;
> -- 
> 1.7.4.1

Acked-by: Seth Forshee <seth.forshee@canonical.com>