Message ID | 1375294169-9567-2-git-send-email-apw@canonical.com |
---|---|
State | New |
Headers | show |
On 07/31/2013 07:09 PM, Andy Whitcroft wrote: > If we do not supply an installation prefix when we are building perf > it will assume it is designed to run relative to the builders HOME. > This means that as built on a buildd we will check for the system > configuration relative to the buildd users home rather than in /etc. > This implies a local user could use this to compromise other users _if_ > there is a buildd user installed on the system and they have access to it. > > CVE-2013-1060 > BugLink: http://bugs.launchpad.net/bugs/1206200 > Signed-off-by: Andy Whitcroft <apw@canonical.com> > --- > debian/rules.d/2-binary-arch.mk | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk > index 18b4401..7b62a57 100644 > --- a/debian/rules.d/2-binary-arch.mk > +++ b/debian/rules.d/2-binary-arch.mk > @@ -348,7 +348,7 @@ endif > > $(stampdir)/stamp-build-perarch: $(stampdir)/stamp-prepare-perarch > ifeq ($(do_tools),true) > - cd $(builddirpa)/tools-$*/tools/perf && make HAVE_CPLUS_DEMANGLE=1 $(conc_level) > + cd $(builddirpa)/tools-$*/tools/perf && make prefix=/usr HAVE_CPLUS_DEMANGLE=1 $(conc_level) > endif > @touch $@ > >
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index 18b4401..7b62a57 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk @@ -348,7 +348,7 @@ endif $(stampdir)/stamp-build-perarch: $(stampdir)/stamp-prepare-perarch ifeq ($(do_tools),true) - cd $(builddirpa)/tools-$*/tools/perf && make HAVE_CPLUS_DEMANGLE=1 $(conc_level) + cd $(builddirpa)/tools-$*/tools/perf && make prefix=/usr HAVE_CPLUS_DEMANGLE=1 $(conc_level) endif @touch $@
If we do not supply an installation prefix when we are building perf it will assume it is designed to run relative to the builders HOME. This means that as built on a buildd we will check for the system configuration relative to the buildd users home rather than in /etc. This implies a local user could use this to compromise other users _if_ there is a buildd user installed on the system and they have access to it. CVE-2013-1060 BugLink: http://bugs.launchpad.net/bugs/1206200 Signed-off-by: Andy Whitcroft <apw@canonical.com> --- debian/rules.d/2-binary-arch.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)