packages/libcap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:9f5bb1b0c1b8405fb420849d47a96a1d1efbe344
Branches Tags
packages:main
..
compare: packages:372f159a280b4b9ce0f39df0b45d48c522963785
Branches Tags
packages:main

No commits in common. "9f5bb1b0c1b8405fb420849d47a96a1d1efbe344" and "372f159a280b4b9ce0f39df0b45d48c522963785" have entirely different histories.
9f5bb1b0c1 ... 372f159a28

9 changed files with 1 additions and 365 deletions
Show Stats Expand all files Collapse all files

53
backport-Address-some-static-analysis-observations.patch
View File

@ -1,53 +0,0 @@
From a044d8b496ef598c61f0634172c742bd52ccf776 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Fri, 15 Nov 2024 07:26:42 -0800
Subject: [PATCH] Address some static analysis observations.
These were reported by Carlos Rodriguez-Fernandez with respect
to some analysis performed on the Fedora libcap-2.71 package.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
libcap/execable.h | 1 +
pam_cap/pam_cap.c | 6 +++++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libcap/execable.h b/libcap/execable.h
index 7a2d247..89e61a3 100644
--- a/libcap/execable.h
+++ b/libcap/execable.h
@@ -38,6 +38,7 @@ static void __execable_parse_args(int *argc_p, char ***argv_p)
char *new_mem = realloc(mem, size+1);
if (new_mem == NULL) {
perror("unable to parse arguments");
+ fclose(f);
if (mem != NULL) {
free(mem);
}
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index 3fe3b8c..24de329 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -170,7 +170,8 @@ static char *read_capabilities_for_user(const char *user, const char *source)
int i;
for (i=0; i < groups_n; i++) {
- if (!strcmp(groups[i], line+1)) {
+ const char *g = groups[i];
+ if (g != NULL && !strcmp(g, line+1)) {
D(("user group matched [%s]", line));
found_one = 1;
break;
@@ -283,6 +284,9 @@ static int set_capabilities(struct pam_cap_s *cs)
goto cleanup_cap_s;
}
conf_caps = strdup(cs->fallback);
+ if (conf_caps == NULL) {
+ goto cleanup_cap_s;
+ }
D(("user [%s] received fallback caps [%s]", cs->user, conf_caps));
}
--
2.33.0

32
backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch
View File

@ -1,32 +0,0 @@
From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Date: Mon, 17 Feb 2025 10:31:55 +0800
Subject: [PATCH] pam_cap: Fix potential configuration parsing error
The current configuration parsing does not actually skip user names
that do not start with @, but instead treats the name as a group
name for further parsing, which can result in matching unexpected
capability sets and may trigger potential security issues. Only
names starting with @ should be parsed as group names.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
pam_cap/pam_cap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index 24de329..3ec99bb 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source)
if (line[0] != '@') {
D(("user [%s] is not [%s] - skipping", user, line));
+ continue;
}
int i;
--
2.33.0

41
backport-Correct-the-check-of-pthread_create-s-return-value.patch
View File

@ -1,41 +0,0 @@
From bc6b36682f188020ee4770fae1d41bde5b2c97bb Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Wed, 3 May 2023 19:18:36 -0700
Subject: [PATCH] Correct the check of pthread_create()'s return value.
This function returns a positive number (errno) on error, so the code
wasn't previously freeing some memory in this situation.
Discussion:
https://stackoverflow.com/a/3581020/14760867
Credit for finding this bug in libpsx goes to David Gstir of
X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security
audit of the libcap source code in April of 2023. The audit
was sponsored by the Open Source Technology Improvement Fund
(https://ostif.org/).
Audit ref: LCAP-CR-23-01 (CVE-2023-2602)
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
psx/psx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/psx/psx.c b/psx/psx.c
index d9c0485..65eb2aa 100644
--- a/psx/psx.c
+++ b/psx/psx.c
@@ -516,7 +516,7 @@ int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
pthread_sigmask(SIG_BLOCK, &sigbit, NULL);
int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter);
- if (ret == -1) {
+ if (ret > 0) {
psx_new_state(_PSX_CREATE, _PSX_IDLE);
memset(starter, 0, sizeof(*starter));
free(starter);
--
2.27.0

55
backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch
View File

@ -1,55 +0,0 @@
From 422bec25ae4a1ab03fd4d6f728695ed279173b18 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Wed, 3 May 2023 19:44:22 -0700
Subject: [PATCH] Large strings can confuse libcap's internal strdup code.
Avoid something subtle with really long strings: 1073741823 should
be enough for anybody. This is an improved fix over something attempted
in libcap-2.55 to address some static analysis findings.
Reviewing the library, cap_proc_root() and cap_launcher_set_chroot()
are the only two calls where the library is potentially exposed to a
user controlled string input.
Credit for finding this bug in libcap goes to Richard Weinberger of
X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security audit
of the libcap source code in April of 2023. The audit was sponsored
by the Open Source Technology Improvement Fund (https://ostif.org/).
Audit ref: LCAP-CR-23-02 (CVE-2023-2603)
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
libcap/cap_alloc.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c
index 59fe503..504abd2 100644
--- a/libcap/cap_alloc.c
+++ b/libcap/cap_alloc.c
@@ -106,15 +106,17 @@ __attribute__((visibility ("hidden"))) char *_libcap_strdup(const char *old)
errno = EINVAL;
return NULL;
}
- len = strlen(old) + 1 + 2*sizeof(__u32);
- if (len < sizeof(struct _cap_alloc_s)) {
- len = sizeof(struct _cap_alloc_s);
- }
- if ((len & 0xffffffff) != len) {
+
+ len = strlen(old);
+ if ((len & 0x3fffffff) != len) {
_cap_debug("len is too long for libcap to manage");
errno = EINVAL;
return NULL;
}
+ len += 1 + 2*sizeof(__u32);
+ if (len < sizeof(struct _cap_alloc_s)) {
+ len = sizeof(struct _cap_alloc_s);
+ }
raw_data = calloc(1, len);
if (raw_data == NULL) {
--
2.27.0

45
backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch
View File

@ -1,45 +0,0 @@
From ee20d385ef319f8523f1debc49f375c8eff257a6 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Fri, 22 Dec 2023 06:37:02 -0800
Subject: Stop using _pam_overwrite() in pam_cap.c.
It looks like the Linux-PAM folk have deprecated this macro. Compiler optimization
is hard to account for: apparently this explicit deletion is no longer
guaranteed to work. This function was marked deprecated in v1.5.3 of Linux-PAM.
I've replaced its use with memset(). I'm not convinced that that will be honored
either, but remain hopeful and prefer to leave the code explicit in its intent
without a deprecation warning messing up the build log. Should some compiler
optimize it away and it leads to an exploit of some sort, it can be revealed as
a compilation bug.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
pam_cap/pam_cap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index b9419cb..3fe3b8c 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -199,7 +199,7 @@ defer:
int i;
for (i = 0; i < groups_n; i++) {
char *g = groups[i];
- _pam_overwrite(g);
+ memset(g, 0, strlen(g));
_pam_drop(g);
}
if (groups != NULL) {
@@ -440,7 +440,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
small race associated with a redundant read of the
config. */
- _pam_overwrite(conf_caps);
+ memset(conf_caps, 0, strlen(conf_caps));
_pam_drop(conf_caps);
return PAM_SUCCESS;
--
cgit 1.2.3-korg

48
backport-There-was-a-small-memory-leak-in-pam_cap.so-when-lib.patch
View File

@ -1,48 +0,0 @@
From 917c8b5d3450870b4f25fd4a5a5198faa9de9aeb Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Wed, 3 May 2023 20:12:52 -0700
Subject: [PATCH] There was a small memory leak in pam_cap.so when libpam
returned an error.
The function pam_set_data() takes ownership of a memory pointer if
the call succeeds, but does not take that ownership if the function
fails. Previously, the failure caused no deferred capability setting and
a return code PAM_IGNORE. It continues to do that in this case, but no
longer leaks the allocated iab memory.
This bug was introduced with deferred IAB capability setting support in
libcap-2.58.
Credit for finding this bug in pam_cap.so goes to X41 D-Sec GmbH
(https://x41-dsec.de/) who performed a security audit of the libcap
source code in April of 2023. The audit was sponsored by the Open
Source Technology Improvement Fund (https://ostif.org/).
Audit ref: LCAP-CR-23-100
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
pam_cap/pam_cap.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index 7e8cade..91278dc 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -290,7 +290,12 @@ static int set_capabilities(struct pam_cap_s *cs)
if (cs->defer) {
D(("configured to delay applying IAB"));
- pam_set_data(cs->pamh, "pam_cap_iab", iab, iab_apply);
+ int ret = pam_set_data(cs->pamh, "pam_cap_iab", iab, iab_apply);
+ if (ret != PAM_SUCCESS) {
+ D(("unable to cache capabilities for delayed setting: %d", ret));
+ /* since ok=0, the module will return PAM_IGNORE */
+ cap_free(iab);
+ }
iab = NULL;
} else if (!cap_iab_set_proc(iab)) {
D(("able to set the IAB [%s] value", conf_caps));
--
2.27.0

27
backport-getpcaps-fix-program-name-in-help-message.patch
View File

@ -1,27 +0,0 @@
From 17c5e89521fd0455a8f18563eb37e5ddbc7d34cb Mon Sep 17 00:00:00 2001
From: Jakub Wilk <jwilk@jwilk.net>
Date: Mon, 29 Jan 2024 11:33:40 +0100
Subject: getpcaps: fix program name in help message
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
progs/getpcaps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/progs/getpcaps.c b/progs/getpcaps.c
index 7e14c36..b4cbda8 100644
--- a/progs/getpcaps.c
+++ b/progs/getpcaps.c
@@ -14,7 +14,7 @@
static void usage(int code)
{
fprintf(stderr,
-"usage: getcaps <pid> [<pid> ...]\n\n"
+"usage: getpcaps <pid> [<pid> ...]\n\n"
" This program displays the capabilities on the queried process(es).\n"
" The capabilities are displayed in the cap_from_text(3) format.\n"
"\n"
--
cgit 1.2.3-korg

38
backport-libcap-Ensure-the-XATTR_NAME_CAPS-is-define.patch
View File

@ -1,38 +0,0 @@
From 41997af6891658ab511c014e20f7846945c11742 Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@windriver.com>
Date: Mon, 9 Aug 2021 17:32:20 +0800
Subject: [PATCH] [Backport] libcap: Ensure the XATTR_NAME_CAPS is defined when
it is used
VFS_CAP_U32 can not ensure that XATTR_NAME_CAPS is defined, and failed to build
libcap-native in old release, like CentOS release 6.7 (Final), with the blow
error:
cap_file.c: In function cap_get_fd:
cap_file.c:199: error: XATTR_NAME_CAPS undeclared (first use in this function)
cap_file.c:199: error: (Each undeclared identifier is reported only once
Reference: http://cgit.openembedded.org/openembedded-core/tree/meta/recipes-support/libcap/files/0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: lichi <lichi7@huawei.com>
Signed-off-by: luchangkun <luchangkun@h-partners.com>
Signed-off-by: huangyaojun <huangyaojun@huawei.com>
---
libcap/cap_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 4178705..1e6a28e 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -45,7 +45,7 @@ extern int fremovexattr(int, const char *);
#include "libcap.h"
-#ifdef VFS_CAP_U32
+#if defined (VFS_CAP_U32) && defined (XATTR_NAME_CAPS)
#if VFS_CAP_U32 != __CAP_BLKS
# error VFS representation of capabilities is not the same size as kernel
--
2.27.0

27
libcap.spec
View File

@ -1,6 +1,6 @@
Name: libcap
Version: 2.61
Release: 9
Release: 4
Summary: A library for getting and setting POSIX.1e draft 15 capabilities
License: GPLv2
URL: https://sites.google.com/site/fullycapable
@ -11,14 +11,6 @@ Patch1: Fix-syntax-error-in-DEBUG-protected-setcap.c-code.patch
Patch2: backport-psx-free-allocated-memory-at-exit.patch
Patch3: backport-Avoid-a-deadlock-in-forked-psx-thread-exit.patch
Patch4: backport-getpcaps-catch-PID-parsing-errors.patch
Patch5: backport-Correct-the-check-of-pthread_create-s-return-value.patch
Patch6: backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch
Patch7: backport-There-was-a-small-memory-leak-in-pam_cap.so-when-lib.patch
Patch8: backport-libcap-Ensure-the-XATTR_NAME_CAPS-is-define.patch
Patch9: backport-getpcaps-fix-program-name-in-help-message.patch
Patch10: backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch
Patch11: backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch
Patch12: backport-Address-some-static-analysis-observations.patch
BuildRequires: libattr-devel pam-devel perl-interpreter gcc
@ -82,23 +74,6 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
%{_mandir}/man8/*.gz
%changelog
* Thu Mar 13 2025 yixiangzhike <yixiangzhike007@163.com> - 2.61-9
- backport upstream patch to address some static analysis observations
* Tue Mar 04 2025 Linux_zhang <zhangruifang@h-partners.com> - 2.61-8
- fix CVE-2025-1390
* Mon Mar 25 2024 yanglongkang <yanglongkang@h-partners.com> - 2.61-7
- backport upstream patches:
getcpcaps: fix program name in help message
Stop using _pam_overwrite() in pam_cap.c
* Mon Jul 3 2023 wangyunjia <yunjia.wang@huawei.com> - 2.61-6
- VFS_CAP_U32 can not ensure that XATTR_NAME_CAPS is defined, and failed to build
* Mon May 29 2023 wangyunjia <yunjia.wang@huawei.com> - 2.61-5
- fix CVE-2023-2602/CVE-2023-2603 && fix memory leaks
* Tue Nov 1 2022 yixiangzhike <yixiangzhike007@163.com> - 2.61-4
- backport upstream patch