packages/multipath-tools
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!113 修复CVE-2022-41973

Browse Source 
From: @shikemeng 
Reviewed-by: @lixiaokeng, @liuzhiqiang26 
Signed-off-by: @liuzhiqiang26
This commit is contained in:
openeuler-ci-bot 2022-10-31 03:03:45 +00:00 committed by Gitee
commit d0eed8172b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 137 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
0018-multipath-tools-use-run-instead-of-dev-shm.patch Normal file
View File

@ -0,0 +1,131 @@
From 0b6ed498ec133a1ddb4afbb8614c25f52835ba3a Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Thu, 1 Sep 2022 19:21:30 +0200
Subject: [PATCH] multipath-tools: use /run instead of /dev/shm
/dev/shm may have unsafe permissions. Use /run instead.
Use systemd's tmpfiles.d mechanism to create /run/multipath
early during boot.
For backward compatibilty, make the runtime directory configurable
via the "runtimedir" make variable.
Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
---
Makefile.inc | 3 +++
libmultipath/defaults.h | 2 +-
multipath/Makefile | 11 ++++++++---
multipath/{multipath.rules => multipath.rules.in} | 4 ++--
multipath/tmpfiles.conf.in | 1 +
5 files changed, 15 insertions(+), 6 deletions(-)
rename multipath/{multipath.rules => multipath.rules.in} (95%)
create mode 100644 multipath/tmpfiles.conf.in
diff --git a/Makefile.inc b/Makefile.inc
index 9913e7a..1a7f9a8 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -57,6 +57,7 @@ exec_prefix = $(prefix)/usr
usr_prefix = $(prefix)
bindir = $(exec_prefix)/sbin
libudevdir = $(prefix)/$(SYSTEMDPATH)/udev
+tmpfilesdir = $(prefix)/$(SYSTEMDPATH)/tmpfiles.d
udevrulesdir = $(libudevdir)/rules.d
multipathdir = $(TOPDIR)/libmultipath
man8dir = $(prefix)/usr/share/man/man8
@@ -74,6 +75,7 @@ libdmmpdir = $(TOPDIR)/libdmmp
nvmedir = $(TOPDIR)/libmultipath/nvme
includedir = $(prefix)/usr/include
pkgconfdir = $(usrlibdir)/pkgconfig
+runtimedir := /$(RUN)
GZIP = gzip -9 -c
RM = rm -f
@@ -104,6 +106,7 @@ WARNFLAGS := -Werror -Wall -Wextra -Wformat=2 $(WFORMATOVERFLOW) -Werror=implici
CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2
CFLAGS := --std=gnu99 $(CFLAGS) $(OPTFLAGS) $(WARNFLAGS) -pipe \
-DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \
+ -DRUNTIME_DIR=\"$(runtimedir)\" \
-MMD -MP
BIN_CFLAGS = -fPIE -DPIE
LIB_CFLAGS = -fPIC
diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h
index e0dd32a..cec82f0 100644
--- a/libmultipath/defaults.h
+++ b/libmultipath/defaults.h
@@ -69,7 +69,7 @@
#define DEFAULT_WWIDS_FILE "/etc/multipath/wwids"
#define DEFAULT_PRKEYS_FILE "/etc/multipath/prkeys"
#define DEFAULT_CONFIG_DIR "/etc/multipath/conf.d"
-#define MULTIPATH_SHM_BASE "/dev/shm/multipath/"
+#define MULTIPATH_SHM_BASE RUNTIME_DIR "/multipath/"
static inline char *set_default(char *str)
diff --git a/multipath/Makefile b/multipath/Makefile
index e720c7f..199a47a 100644
--- a/multipath/Makefile
+++ b/multipath/Makefile
@@ -12,7 +12,7 @@ EXEC = multipath
OBJS = main.o
-all: $(EXEC)
+all: $(EXEC) multipath.rules tmpfiles.conf
$(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so
$(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS)
@@ -26,7 +26,9 @@ install:
$(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/
$(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir)
$(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir)
- $(INSTALL_PROGRAM) -m 644 $(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules
+ $(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules
+ $(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir)
+ $(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf
$(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir)
$(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir)
$(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir)
@@ -43,9 +45,12 @@ uninstall:
$(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz
clean: dep_clean
- $(RM) core *.o $(EXEC) *.gz
+ $(RM) core *.o $(EXEC) *.gz multipath.rules tmpfiles.conf
include $(wildcard $(OBJS:.o=.d))
dep_clean:
$(RM) $(OBJS:.o=.d)
+
+%: %.in
+ sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@
diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in
similarity index 95%
rename from multipath/multipath.rules
rename to multipath/multipath.rules.in
index 9df11a9..be401c8 100644
--- a/multipath/multipath.rules
+++ b/multipath/multipath.rules.in
@@ -1,8 +1,8 @@
# Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath
SUBSYSTEM!="block", GOTO="end_mpath"
KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath"
-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \
- RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor"
+ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \
+ RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor"
ACTION!="add|change", GOTO="end_mpath"
IMPORT{cmdline}="nompath"
diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in
new file mode 100644
index 0000000..21be438
--- /dev/null
+++ b/multipath/tmpfiles.conf.in
@@ -0,0 +1 @@
+d @RUNTIME_DIR@/multipath 0700 root root -
--
2.27.0

7
multipath-tools.spec
View File

@ -1,7 +1,7 @@
#needsrootforbuild #needsrootforbuild
Name: multipath-tools Name: multipath-tools
Version: 0.8.7 Version: 0.8.7
Release: 4 Release: 5
Summary: Tools to manage multipath devices with the device-mapper Summary: Tools to manage multipath devices with the device-mapper
License: GPL-2.0-or-later and LGPL-2.0-only License: GPL-2.0-or-later and LGPL-2.0-only
URL: http://christophe.varoqui.free.fr/ URL: http://christophe.varoqui.free.fr/
@ -26,6 +26,7 @@ Patch14: 0014-remove-local-disk-from-pathvec.patch
Patch15: 0015-clear-mpp-path-reference-when-path-is-freed-otherwis.patch Patch15: 0015-clear-mpp-path-reference-when-path-is-freed-otherwis.patch
Patch16: 0016-multipath-return-failure-on-an-invalid-remove-cmd.patch Patch16: 0016-multipath-return-failure-on-an-invalid-remove-cmd.patch
Patch17: 0017-multipath-fix-exit-status-of-multipath-T.patch Patch17: 0017-multipath-fix-exit-status-of-multipath-T.patch
Patch18: 0018-multipath-tools-use-run-instead-of-dev-shm.patch
BuildRequires: multipath-tools, libcmocka, libcmocka-devel BuildRequires: multipath-tools, libcmocka, libcmocka-devel
BuildRequires: gcc, libaio-devel, userspace-rcu-devel, device-mapper-devel >= 1.02.89 BuildRequires: gcc, libaio-devel, userspace-rcu-devel, device-mapper-devel >= 1.02.89
BuildRequires: libselinux-devel, libsepol-devel, readline-devel, ncurses-devel, BuildRequires: libselinux-devel, libsepol-devel, readline-devel, ncurses-devel,
@ -143,6 +144,7 @@ fi
/usr/%{_lib}/multipath/* /usr/%{_lib}/multipath/*
%config /usr/lib/udev/rules.d/62-multipath.rules %config /usr/lib/udev/rules.d/62-multipath.rules
%config /usr/lib/udev/rules.d/11-dm-mpath.rules %config /usr/lib/udev/rules.d/11-dm-mpath.rules
%config /usr/lib/tmpfiles.d/multipath.conf
%files devel %files devel
@ -171,6 +173,9 @@ fi
%changelog %changelog
* Wed Oct 26 2022 shikemeng<shikemeng@huawei.com> - 0.8.7-5
- use /run instead of /dev/shm to fix CVE-2022-41973
* Fri Sep 2 2022 xueyamao<xueyamao@kylinos.cn> - 0.8.7-4 * Fri Sep 2 2022 xueyamao<xueyamao@kylinos.cn> - 0.8.7-4
- multipath fix exit status of multipath -T - multipath fix exit status of multipath -T