Message ID | 1375294169-9567-4-git-send-email-apw@canonical.com |
---|---|
State | New |
Headers | show |
On 07/31/2013 07:09 PM, Andy Whitcroft wrote: > If we do not supply an installation prefix when we are building perf > it will assume it is designed to run relative to the builders HOME. > This means that as built on a buildd we will check for the system > configuration relative to the buildd users home rather than in /etc. > This implies a local user could use this to compromise other users _if_ > there is a buildd user installed on the system and they have access to it. > > CVE-2013-1060 > BugLink: http://bugs.launchpad.net/bugs/1206200 > Signed-off-by: Andy Whitcroft <apw@canonical.com> > --- > debian/rules.d/2-binary-arch.mk | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk > index 23367bb..7a04bcb 100644 > --- a/debian/rules.d/2-binary-arch.mk > +++ b/debian/rules.d/2-binary-arch.mk > @@ -440,7 +440,7 @@ $(stampdir)/stamp-build-perarch: $(stampdir)/stamp-prepare-perarch > @echo Debug: $@ > ifeq ($(do_tools),true) > cd $(builddirpa)/tools/perf && \ > - make HAVE_CPLUS_DEMANGLE=1 CROSS_COMPILE=$(CROSS_COMPILE) > + make prefix=/usr HAVE_CPLUS_DEMANGLE=1 CROSS_COMPILE=$(CROSS_COMPILE) > if [ "$(arch)" = "amd64" ] || [ "$(arch)" = "i386" ]; then \ > cd $(builddirpa)/tools/power/x86/x86_energy_perf_policy && make CROSS_COMPILE=$(CROSS_COMPILE); \ > cd $(builddirpa)/tools/power/x86/turbostat && make CROSS_COMPILE=$(CROSS_COMPILE); \ >
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index 23367bb..7a04bcb 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk @@ -440,7 +440,7 @@ $(stampdir)/stamp-build-perarch: $(stampdir)/stamp-prepare-perarch @echo Debug: $@ ifeq ($(do_tools),true) cd $(builddirpa)/tools/perf && \ - make HAVE_CPLUS_DEMANGLE=1 CROSS_COMPILE=$(CROSS_COMPILE) + make prefix=/usr HAVE_CPLUS_DEMANGLE=1 CROSS_COMPILE=$(CROSS_COMPILE) if [ "$(arch)" = "amd64" ] || [ "$(arch)" = "i386" ]; then \ cd $(builddirpa)/tools/power/x86/x86_energy_perf_policy && make CROSS_COMPILE=$(CROSS_COMPILE); \ cd $(builddirpa)/tools/power/x86/turbostat && make CROSS_COMPILE=$(CROSS_COMPILE); \
If we do not supply an installation prefix when we are building perf it will assume it is designed to run relative to the builders HOME. This means that as built on a buildd we will check for the system configuration relative to the buildd users home rather than in /etc. This implies a local user could use this to compromise other users _if_ there is a buildd user installed on the system and they have access to it. CVE-2013-1060 BugLink: http://bugs.launchpad.net/bugs/1206200 Signed-off-by: Andy Whitcroft <apw@canonical.com> --- debian/rules.d/2-binary-arch.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)