NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34,306 Commits 5 Branches 387 Tags 143 MiB
Makefile 63.3%
Python 16.3%
C 9.1%
Shell 5.9%
PHP 2.7%
Other 2.3%
e67d4c0c3f
Go to file
Peter Korsgaard e67d4c0c3f sudo: add upstream security patch for CVE-2017-1000367 
CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux

On Linux systems, sudo parses the /proc/[pid]/stat file to determine the
device number of the process's tty (field 7).  The fields in the file are
space-delimited, but it is possible for the command name (field 2) to
include spaces, which sudo does not account for.  A user with sudo
privileges can cause sudo to use a device number of the user's choosing by
creating a symbolic link from the sudo binary to a name that contains a
space, followed by a number.

If SELinux is enabled on the system and sudo was built with SELinux support,
a user with sudo privileges may be able to to overwrite an arbitrary file.
This can be escalated to full root access by rewriting a trusted file such
as /etc/shadow or even /etc/sudoers.

For more details, see: https://www.sudo.ws/alerts/linux_tty.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fddb760946)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-01 16:42:25 +02:00
arch arch: add OpenRISC architecture support 2017-01-25 22:53:53 +01:00
board board/atmel/readme.txt: fix typos 2017-02-24 11:58:30 +01:00
boot uboot: fix target uboot defconfig warning 2017-04-24 17:50:14 +02:00
configs configs/mx25pdk: Bump U-Boot and kernel versions 2017-02-09 22:22:21 +01:00
docs Update for 2017.02 2017-02-28 22:00:23 +01:00
fs fs/iso9660: doesn't support (grub2) EFI 2017-03-02 08:20:38 +01:00
linux linux: bump default to version 4.9.13 2017-02-26 15:13:21 +01:00
package sudo: add upstream security patch for CVE-2017-1000367 2017-06-01 16:42:25 +02:00
support core/br2-external: properly report unexpected errors 2017-03-31 09:09:46 +02:00
system system: do not overwrite /bin/sh Busybox symlink 2017-03-31 09:12:23 +02:00
toolchain toolchain-external: adjust musl dynamic linker symlink for mips-sf 2017-06-01 16:37:37 +02:00
.defconfig
.gitignore
CHANGES Update for 2017.02.2 2017-05-02 00:05:42 +02:00
Config.in package: add generic support for lz archives 2017-02-15 22:11:11 +01:00
Config.in.legacy perl-db-file: remove this package 2016-12-27 18:00:50 +01:00
COPYING
DEVELOPERS DEVELOPERS: adopt freerdp 2017-02-18 22:08:53 +01:00
Makefile Update for 2017.02.2 2017-05-02 00:05:42 +02:00
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches