rpms / mod_wsgi

Clone
Source Code
GIT

Blame SOURCES/mod_wsgi-3.4-CVE-2014-0240.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8-beta-stream-3.8 c8-beta-stream-3.9 c8-stream-3.8 c8-stream-3.9 c8s c8s-stream-3.8 c8s-stream-3.9 c9 c9-beta
  1.   cb40a0bc4d2ef923dbfa20b0e2d18d83d2f59114
  2.   SOURCES
  3.   mod_wsgi-3.4-CVE-2014-0240.patch
Blob History Raw
cb40a0 
From d9d5fea585b23991f76532a9b07de7fcd3b649f4 Mon Sep 17 00:00:00 2001
cb40a0 
From: Graham Dumpleton <Graham.Dumpleton@gmail.com>
cb40a0 
Date: Wed, 21 May 2014 16:16:47 +1000
cb40a0 
Subject: [PATCH] Local privilege escalation when using daemon mode.
cb40a0 
 (CVE-2014-0240)
cb40a0
cb40a0 
---
cb40a0 
 mod_wsgi.c | 13 +++++++++++++
cb40a0 
 1 file changed, 13 insertions(+)
cb40a0
cb40a0 
diff --git a/mod_wsgi.c b/mod_wsgi.c
cb40a0 
index 32b2903..3ef911b 100644
cb40a0 
--- a/mod_wsgi.c
cb40a0 
+++ b/mod_wsgi.c
cb40a0 
@@ -10756,6 +10756,19 @@ static void wsgi_setup_access(WSGIDaemonProcess *daemon)
cb40a0 
         ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
cb40a0 
                      "mod_wsgi (pid=%d): Unable to change to uid=%ld.",
cb40a0 
                      getpid(), (long)daemon->group->uid);
cb40a0 
+
cb40a0 
+        /*
cb40a0 
+         * On true UNIX systems this should always succeed at
cb40a0 
+         * this point. With certain Linux kernel versions though
cb40a0 
+         * we can get back EAGAIN where the target user had
cb40a0 
+         * reached their process limit. In that case will be left
cb40a0 
+         * running as wrong user. Just exit on all failures to be
cb40a0 
+         * safe. Don't die immediately to avoid a fork bomb.
cb40a0 
+         */
cb40a0 
+
cb40a0 
+        sleep(20);
cb40a0 
+
cb40a0 
+        exit(-1);
cb40a0 
     }
cb40a0
cb40a0 
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
cb40a0 
--
cb40a0 
2.0.3
cb40a0

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation