NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35,494 Commits 5 Branches 387 Tags 143 MiB
Makefile 63.3%
Python 16.3%
C 9.1%
Shell 5.9%
PHP 2.7%
Other 2.3%
fddb760946
Go to file
Peter Korsgaard fddb760946 sudo: add upstream security patch for CVE-2017-1000367 
CVE-2017-1000367 - Potential overwrite of arbitrary files on Linux

On Linux systems, sudo parses the /proc/[pid]/stat file to determine the
device number of the process's tty (field 7).  The fields in the file are
space-delimited, but it is possible for the command name (field 2) to
include spaces, which sudo does not account for.  A user with sudo
privileges can cause sudo to use a device number of the user's choosing by
creating a symbolic link from the sudo binary to a name that contains a
space, followed by a number.

If SELinux is enabled on the system and sudo was built with SELinux support,
a user with sudo privileges may be able to to overwrite an arbitrary file.
This can be escalated to full root access by rewriting a trusted file such
as /etc/shadow or even /etc/sudoers.

For more details, see: https://www.sudo.ws/alerts/linux_tty.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-31 12:30:49 +02:00
arch arch, linux, package: remove whitespaces 2017-03-29 23:30:37 +02:00
board board/stmicroelectronics/stm32f469-disco: remove OpenOCD patches 2017-05-07 13:56:00 +02:00
boot uboot: fix target uboot defconfig warning 2017-04-22 15:05:50 +02:00
configs configs/armadeus_apf9328_defconfig: remove RPC option 2017-05-07 14:11:16 +02:00
docs Update for 2017.05-rc3 2017-05-30 10:28:45 +02:00
fs ext2: add help text for BR2_TARGET_ROOTFS_EXT2_BLOCKS 2017-05-04 17:15:13 +02:00
linux linux: bump default version to 4.11.3 2017-05-26 15:10:22 +02:00
package sudo: add upstream security patch for CVE-2017-1000367 2017-05-31 12:30:49 +02:00
support support/testing: rename variables for readability 2017-05-28 14:54:43 +02:00
system system: do not overwrite /bin/sh Busybox symlink 2017-03-29 23:28:58 +02:00
toolchain toolchain-external: adjust musl dynamic linker symlink for mips-sf 2017-05-30 11:39:40 +02:00
.defconfig arch: remove support for sh64 2016-09-08 22:15:15 +02:00
.gitignore
.gitlab-ci.yml .gitlab-ci.yml: regenerate after snps_archs38_zebu_defconfig rename 2017-05-14 13:56:38 +02:00
.gitlab-ci.yml.in gitlab-ci: add gcc-multilib to the docker image 2017-03-10 14:22:25 +01:00
CHANGES Update for 2017.05-rc3 2017-05-30 10:28:45 +02:00
Config.in package: add generic support for lz archives 2017-02-15 22:11:11 +01:00
Config.in.legacy package/sunxi-mali: remove sunxi-mali libMali for r2p4 Mali kernel modules 2017-05-07 16:14:29 +02:00
COPYING COPYING: add exception about patch licensing 2016-02-26 19:50:13 +01:00
DEVELOPERS package/firejail: remove broken package 2017-05-29 22:16:17 +02:00
Makefile Update for 2017.05-rc3 2017-05-30 10:28:45 +02:00
Makefile.legacy Remove BR2_DEPRECATED 2016-10-15 23:14:45 +02:00
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches