dc: add a --sandbox flag
Issue description
since the bc package is getting pulled into images now, we should harden it a bit. the dc program has a ! operator which grants access to system(). we should double check any other operations that it allows (related to file access).
,
Sep 17
Nevermind, now I see that this is fallout from the root exploit.
,
Sep 17
sent patches upstream for it, but bc tends to not be updated and doesn't have a real project page to speak of, so i'm just going to throw into Gentoo now
,
Sep 17
,
Sep 18
,
Sep 18
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/97d15067c1cd1757f8d4e164d210c665990d955c

commit 97d15067c1cd1757f8d4e164d210c665990d955c
Author: Mike Frysinger <vapier@chromium.org>
Date: Tue Sep 18 21:03:58 2018

ed: import for bc building

The bc package uses ed during build time, so pull it in.

BUG= chromium:884778
TEST=precq passes

Change-Id: I02beba533eb2b1f12d43b2ff8248b6841da4464e
Reviewed-on: https://chromium-review.googlesource.com/1229235
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>

[add] https://crrev.com/97d15067c1cd1757f8d4e164d210c665990d955c/sys-apps/ed/Manifest
[add] https://crrev.com/97d15067c1cd1757f8d4e164d210c665990d955c/sys-apps/ed/ed-1.14.2.ebuild
[add] https://crrev.com/97d15067c1cd1757f8d4e164d210c665990d955c/metadata/md5-cache/sys-apps/ed-1.14.2
[add] https://crrev.com/97d15067c1cd1757f8d4e164d210c665990d955c/sys-apps/ed/metadata.xml
,
Sep 19
Are 'bc' and 'dc' in the same package?
,
Sep 19
yep
,
Sep 25
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/b33c3fb222f29060c0d80b6f4604d21c063f1e83

commit b33c3fb222f29060c0d80b6f4604d21c063f1e83
Author: Mike Frysinger <vapier@chromium.org>
Date: Tue Sep 25 18:58:27 2018

bc: upgrade to latest version

This brings in new sandbox features.

BUG= chromium:884778
TEST=precq passes

Change-Id: I69d63db0d42f227064e866efc3f3cb60fc9f824e
Reviewed-on: https://chromium-review.googlesource.com/1229236
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>

[delete] https://crrev.com/6e8abea3871768cec0e9b6f002d26d3bee3d3043/sys-devel/bc/bc-1.06.95.ebuild
[add] https://crrev.com/b33c3fb222f29060c0d80b6f4604d21c063f1e83/sys-devel/bc/bc-1.07.1-r2.ebuild
[modify] https://crrev.com/b33c3fb222f29060c0d80b6f4604d21c063f1e83/sys-devel/bc/Manifest
[add] https://crrev.com/b33c3fb222f29060c0d80b6f4604d21c063f1e83/sys-devel/bc/files/bc-1.07.1-no-ed-its-sed.patch
[add] https://crrev.com/b33c3fb222f29060c0d80b6f4604d21c063f1e83/sys-devel/bc/files/bc-1.07.1-sandbox.patch
[modify] https://crrev.com/b33c3fb222f29060c0d80b6f4604d21c063f1e83/sys-devel/bc/metadata.xml
[delete] https://crrev.com/6e8abea3871768cec0e9b6f002d26d3bee3d3043/sys-devel/bc/files/bc-1.06.95-void_uninitialized.patch
[add] https://crrev.com/b33c3fb222f29060c0d80b6f4604d21c063f1e83/sys-devel/bc/files/bc-1.07.1-use-system-bc.patch
,
Sep 26
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/bcb61568d46dd20800e203016c1210befd937526

commit bcb61568d46dd20800e203016c1210befd937526
Author: Mike Frysinger <vapier@chromium.org>
Date: Wed Sep 26 17:33:06 2018

bc: enable USE=forced-sandbox

We have no need for the ! command in the dc program so disable it.

BUG= chromium:884778
TEST=precq passes

Change-Id: Ia11d9a967d8e3587fce2926c302f8c0d7e6b6bff
Reviewed-on: https://chromium-review.googlesource.com/1229238
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>

[modify] https://crrev.com/bcb61568d46dd20800e203016c1210befd937526/profiles/targets/chromeos/package.use
,
Sep 26
this is done for R71, but i don't think it's worth backporting as this program shouldn't have been run in the first place, and if people have arbitrary code exec, seems like dc doesn't make it worse.
,
Sep 27
,
Jan 3
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
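
One way to confirm on a built image that the `!` operator discussed in this issue is really disabled, as an added example that is not part of the original thread or of the bc/dc sources. The function names are hypothetical, and the only command passed through `!` is a `touch` of a marker file in a private temporary directory.

```shell
#!/bin/sh
# Added example: check whether a dc binary still honours the "!" shell escape.
# Return status of dc_shell_escape_status (hypothetical helper name):
#   0 = "!" ran the command (shell escape enabled)
#   1 = "!" did not run the command (escape disabled)
#   2 = binary not found or not executable

dc_shell_escape_status() {
    dc_bin=$1
    # Bare names are resolved through PATH; explicit paths are used as given.
    case $dc_bin in
        */*) [ -x "$dc_bin" ] || return 2 ;;
        *)   command -v "$dc_bin" >/dev/null 2>&1 || return 2 ;;
    esac

    workdir=$(mktemp -d) || return 2
    marker=$workdir/marker

    # dc hands the rest of the line after "!" to system(). The command here
    # only creates an empty file inside the private temp directory.
    printf '!touch "%s"\n' "$marker" | "$dc_bin" >/dev/null 2>&1 || true

    if [ -e "$marker" ]; then result=0; else result=1; fi
    rm -rf "$workdir"
    return "$result"
}

report_dc() {
    rc=0
    dc_shell_escape_status "$1" || rc=$?
    case $rc in
        0) echo "$1: ! operator executes commands" ;;
        1) echo "$1: ! operator is disabled" ;;
        *) echo "$1: not found or not executable" ;;
    esac
}

# Usage: sh check_dc.sh /usr/bin/dc   (the script name is an assumption)
if [ "$#" -gt 0 ]; then
    report_dc "$1"
fi
```

A result of 1 only shows that this one escape is blocked. It does not cover the other file-access operations the issue description asks to double check.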
Comment 1 by kerrnel@chromium.org
, Sep 17