packages/flatpak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!18 [sync] PR-17: Fix CVE-2019-8308

Browse Source 
From: @openeuler-sync-bot
Reviewed-by: @wangxiao65,@small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-04-13 14:15:18 +08:00 committed by Gitee
commit 76247609c7
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2019-8308.patch Normal file
View File

@ -0,0 +1,67 @@
From f2af3137e3e5bdd54cad646046da82218aec3fa7 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Sun, 10 Feb 2019 18:23:44 +0100
Subject: [PATCH] Don't expose /proc when running apply_extra
As shown by CVE-2019-5736, it is sometimes possible for the sandbox
app to access outside files using /proc/self/exe. This is not
typically an issue for flatpak as the sandbox runs as the user which
has no permissions to e.g. modify the host files.
However, when installing apps using extra-data into the system repo
we *do* actually run a sandbox as root. So, in this case we disable mounting
/proc in the sandbox, which will neuter attacks like this.
---
common/flatpak-common-types-private.h | 1 +
common/flatpak-dir.c | 2 +-
common/flatpak-run.c | 6 +++++-
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/common/flatpak-common-types-private.h b/common/flatpak-common-types-private.h
index e361777..b8f76b9 100644
--- a/common/flatpak-common-types-private.h
+++ b/common/flatpak-common-types-private.h
@@ -45,6 +45,7 @@ typedef enum {
FLATPAK_RUN_FLAG_NO_DOCUMENTS_PORTAL = (1 << 15),
FLATPAK_RUN_FLAG_BLUETOOTH = (1 << 16),
FLATPAK_RUN_FLAG_CANBUS = (1 << 17),
+ FLATPAK_RUN_FLAG_NO_PROC = (1 << 19),
} FlatpakRunFlags;
typedef struct FlatpakDir FlatpakDir;
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
index 236de4b..56bca24 100644
--- a/common/flatpak-dir.c
+++ b/common/flatpak-dir.c
@@ -6511,7 +6511,7 @@ apply_extra_data (FlatpakDir *self,
NULL);
if (!flatpak_run_setup_base_argv (bwrap, runtime_files, NULL, runtime_ref_parts[2],
- FLATPAK_RUN_FLAG_NO_SESSION_HELPER,
+ FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_NO_PROC,
error))
return FALSE;
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index cd6672e..c5fe6dc 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2357,9 +2357,13 @@ flatpak_run_setup_base_argv (FlatpakBwrap *bwrap,
"# Disable user pkcs11 config, because the host modules don't work in the runtime\n"
"user-config: none\n";
+ if ((flags & FLATPAK_RUN_FLAG_NO_PROC) == 0)
+ flatpak_bwrap_add_args (bwrap,
+ "--proc", "/proc",
+ NULL);
+
flatpak_bwrap_add_args (bwrap,
"--unshare-pid",
- "--proc", "/proc",
"--dir", "/tmp",
"--dir", "/var/tmp",
"--dir", "/run/host",
--
2.30.0

6
flatpak.spec
View File

@ -1,6 +1,6 @@
Name: flatpak
Version: 1.0.3
Release: 4
Release: 5
Summary: Application deployment framework for desktop apps
License: LGPLv2+
URL: http://flatpak.org/
@ -14,6 +14,7 @@ Patch0005: CVE-2021-21261-5.patch
Patch0006: CVE-2021-21381-1.patch
Patch0007: CVE-2021-21381-2.patch
Patch0008: CVE-2021-21381-3.patch
Patch0009: CVE-2019-8308.patch
BuildRequires: pkgconfig(appstream-glib) pkgconfig(gio-unix-2.0) pkgconfig(gobject-introspection-1.0) >= 1.40.0 pkgconfig(json-glib-1.0) pkgconfig(libarchive) >= 2.8.0
BuildRequires: pkgconfig(libsoup-2.4) pkgconfig(libxml-2.0) >= 2.4 pkgconfig(ostree-1) >= 2018.7 pkgconfig(polkit-gobject-1) pkgconfig(libseccomp) pkgconfig(xau)
@ -108,6 +109,9 @@ flatpak remote-list --system &> /dev/null || :
%{_mandir}/man5/flatpak-remote.5*
%changelog
* Mon Apr 12 2021 wangyue <wangyue92@huawei.com> - 1.0.3-5
- Fix CVE-2019-8308
* Wed Mar 24 2021 wangxiao <wangxiao65@huawei.com> - 1.0.3-4
- Fix CVE-2021-21381