NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/keepalived: fix CVE-2021-44225

Browse Source 
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently
restrict the message destination, allowing any user to inspect and
manipulate any property. This leads to access-control bypass in some
situations in which an unrelated D-Bus system service has a settable
(writable) property

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This commit is contained in:
Fabrice Fontaine 2021-12-07 23:04:07 +01:00 committed by Arnout Vandecappelle (Essensium/Mind)
parent 671eb03b3b
commit e4464fabb6
2 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
package/keepalived/0002-dbus-fix-policy-to-not-be-overly-broad.patch Normal file
View File

@ -0,0 +1,42 @@
From 7977fec0be89ae6fe87405b3f8da2f0b5e415e3d Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.ch>
Date: Tue, 23 Nov 2021 06:50:59 +0100
Subject: [PATCH] dbus: fix policy to not be overly broad
The DBus policy did not restrict the message destination, allowing any
user to inspect and manipulate any property.
Signed-off-by: Vincent Bernat <vincent@bernat.ch>
[Retrieved from:
https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
index 2b78a575c..b5ced6085 100644
--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
+++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
@@ -3,12 +3,15 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
- <allow own="org.keepalived.Vrrp1"/>
- <allow send_destination="org.keepalived.Vrrp1"/>
+ <allow own="org.keepalived.Vrrp1" />
+ <allow send_destination="org.keepalived.Vrrp1" />
</policy>
<policy context="default">
- <allow send_interface="org.freedesktop.DBus.Introspectable" />
- <allow send_interface="org.freedesktop.DBus.Peer" />
- <allow send_interface="org.freedesktop.DBus.Properties" />
+ <allow send_destination="org.keepalived.Vrrp1"
+ send_interface="org.freedesktop.DBus.Introspectable" />
+ <allow send_destination="org.keepalived.Vrrp1"
+ send_interface="org.freedesktop.DBus.Peer" />
+ <allow send_destination="org.keepalived.Vrrp1"
+ send_interface="org.freedesktop.DBus.Properties" />
</policy>
</busconfig>

3
package/keepalived/keepalived.mk
View File

@ -12,6 +12,9 @@ KEEPALIVED_LICENSE_FILES = COPYING
KEEPALIVED_CPE_ID_VENDOR = keepalived
KEEPALIVED_CONF_OPTS = --disable-hardening
# 0002-dbus-fix-policy-to-not-be-overly-broad.patch
KEEPALIVED_IGNORE_CVES += CVE-2021-44225
ifeq ($(BR2_PACKAGE_JSON_C),y)
KEEPALIVED_DEPENDENCIES += json-c
KEEPALIVED_CONF_OPTS += --enable-json