diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2016-03-30 01:20:46 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2016-03-30 01:21:34 -0400 |
| commit | 0970c507b3eda2d1909614026385bf8767766322 (patch) | |
| tree | f796e41d463efbadfdede24c05d968ef446e34d1 /sys-apps/sandbox | |
| parent | x11-misc/cbatticon: Old. (diff) | |
| download | gentoo-0970c507b3eda2d1909614026385bf8767766322.tar.gz gentoo-0970c507b3eda2d1909614026385bf8767766322.tar.bz2 gentoo-0970c507b3eda2d1909614026385bf8767766322.zip | |
sys-apps/sandbox: fix execvpe handling #578516
Diffstat (limited to 'sys-apps/sandbox')
| -rw-r--r-- | sys-apps/sandbox/files/sandbox-2.11-execvpe.patch | 30 | ||||
| -rw-r--r-- | sys-apps/sandbox/sandbox-2.11-r2.ebuild (renamed from sys-apps/sandbox/sandbox-2.11-r1.ebuild) | 1 |
2 files changed, 31 insertions, 0 deletions
diff --git a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch new file mode 100644 index 000000000000..7e8130b51e6a --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch @@ -0,0 +1,30 @@ +From 31a135d261a9bc1d65b1fa484345a858bab84db8 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Wed, 30 Mar 2016 01:17:21 -0400 +Subject: [PATCH] libsandbox: whitelist execvpe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +URL: https://bugs.gentoo.org/578516 +Reported-by: Toralf Förster <toralf.foerster@gmx.de> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + libsandbox/libsandbox.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c +index cbe1aa1..e809308 100644 +--- a/libsandbox/libsandbox.c ++++ b/libsandbox/libsandbox.c +@@ -710,6 +710,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func, + sb_nr == SB_NR_EXECV || + sb_nr == SB_NR_EXECVP || + sb_nr == SB_NR_EXECVE || ++ sb_nr == SB_NR_EXECVPE || + sb_nr == SB_NR_FEXECVE)) + { + retval = check_prefixes(sbcontext->read_prefixes, +-- +2.7.4 + diff --git a/sys-apps/sandbox/sandbox-2.11-r1.ebuild b/sys-apps/sandbox/sandbox-2.11-r2.ebuild index 80013163c5f7..4f9884f480dd 100644 --- a/sys-apps/sandbox/sandbox-2.11-r1.ebuild +++ b/sys-apps/sandbox/sandbox-2.11-r2.ebuild @@ -32,6 +32,7 @@ sandbox_death_notice() { } src_prepare() { + epatch "${FILESDIR}"/${P}-execvpe.patch #578516 epatch "${FILESDIR}"/${P}-exec-hash.patch #578524 epatch_user } |