Commit 9efccd10 authored by Leonardo Arena's avatar Leonardo Arena

main/freeradius: security fix (CVE-2019-10143)

Fixes #10744
parent 720693ce
......@@ -5,7 +5,7 @@
pkgname=freeradius
_realname=freeradius
pkgver=3.0.15
pkgrel=4
pkgrel=5
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="http://freeradius.org/"
arch="all"
......@@ -32,10 +32,13 @@ source="ftp://ftp.freeradius.org/pub/freeradius/old/$_realname-server-$pkgver.ta
fix-scopeid.patch
freeradius-313-default-config.patch
CVE-2019-11234-5.patch
CVE-2019-10143.patch
"
builddir="$srcdir"/$_realname-server-$pkgver
# secfixes:
# 3.0.17-r5:
# - CVE-2019-10143
# 3.0.15-r4:
# - CVE-2019-11234
# - CVE-2019-11235
......@@ -289,4 +292,5 @@ ba3c424d4eabb147c7aa3e31575a87ddb26b6a792d2a8714e73d8763e07854326a03a83991a74202
c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch
41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch
666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e freeradius-313-default-config.patch
05b19e1b4d43eac3ddb2f1d62a31bedb2e3386bdafc0253506304d46e6ea41f1bf798c28d3b1207341c4c9d17de0775a9ca8aa2b9c27a90c92d21c0a73ee6477 CVE-2019-11234-5.patch"
05b19e1b4d43eac3ddb2f1d62a31bedb2e3386bdafc0253506304d46e6ea41f1bf798c28d3b1207341c4c9d17de0775a9ca8aa2b9c27a90c92d21c0a73ee6477 CVE-2019-11234-5.patch
5506cc095553c2024319f0818fd317c02c0aa52f306b506e44f661f2f600874426118decdc2313a2da8313bff3578d364262f947faa9198595a830764a336b57 CVE-2019-10143.patch"
From 1f233773962bf1a9c2d228a180eacddb9db2d574 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Tue, 7 May 2019 16:04:29 -0400
Subject: [PATCH] su to radiusd user/group when rotating logs
The su directive to logrotate ensures that log rotation happens under the
owner of the logs. Otherwise, logrotate runs as root:root, potentially
enabling privilege escalation if a RCE is discovered against the
FreeRADIUS daemon.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
debian/freeradius.logrotate | 3 +++
redhat/freeradius-logrotate | 1 +
scripts/logrotate/freeradius | 3 +++
suse/radiusd-logrotate | 1 +
4 files changed, 8 insertions(+)
diff --git a/debian/freeradius.logrotate b/debian/freeradius.logrotate
index 7d837d53bd..a8d29b7adf 100644
--- a/debian/freeradius.logrotate
+++ b/debian/freeradius.logrotate
@@ -9,6 +9,7 @@
notifempty
copytruncate
+ su freerad freerad
}
# (in order)
@@ -26,6 +27,7 @@
notifempty
nocreate
+ su freerad freerad
}
# There are different detail-rotating strategies you can use. One is
@@ -45,4 +47,5 @@
notifempty
nocreate
+ su freerad freerad
}
diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate
index 360765ddc4..bb97ca5547 100644
--- a/redhat/freeradius-logrotate
+++ b/redhat/freeradius-logrotate
@@ -9,6 +9,7 @@ rotate 4
missingok
compress
delaycompress
+su radiusd radiusd
#
# The main server log
diff --git a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius
index 3de435e76e..eecf63175a 100644
--- a/scripts/logrotate/freeradius
+++ b/scripts/logrotate/freeradius
@@ -17,6 +17,7 @@
notifempty
copytruncate
+ su radiusd radiusd
}
# (in order)
@@ -34,6 +35,7 @@
notifempty
nocreate
+ su radiusd radiusd
}
# There are different detail-rotating strategies you can use. One is
@@ -53,4 +55,5 @@
notifempty
nocreate
+ su radiusd radiusd
}
diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate
index 24d56be1a9..be5a797684 100644
--- a/suse/radiusd-logrotate
+++ b/suse/radiusd-logrotate
@@ -11,6 +11,7 @@ missingok
compress
delaycompress
notifempty
+su radiusd radiusd
#
# The main server log
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment