gnu: rush: Fix CVE-2013-6889.

* gnu/packages/patches/rush-CVE-2013-6889.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/rush.scm (rush): Use it.
author: Ludovic Courtès <ludo@gnu.org> 2016-05-26 22:51:12 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2016-05-26 22:51:12 +0200
commit: 2ca55f939ca32f506a307a00f07eb2b027cfb812 (patch)
tree: 17cd776586e4f7205d9c0d610c0b57812dbbbbd6 /gnu/packages/patches
parent: f01c461994307c5e19ff14bc695cdf1d813880e0 (diff)
download: guix-2ca55f939ca32f506a307a00f07eb2b027cfb812.tar.gz
1 files changed, 23 insertions, 0 deletions
diff --git a/gnu/packages/patches/rush-CVE-2013-6889.patch b/gnu/packages/patches/rush-CVE-2013-6889.patch
new file mode 100644
index 0000000000..862528a12c
--- /dev/null
+++ b/gnu/packages/patches/rush-CVE-2013-6889.patch
@@ -0,0 +1,23 @@
+commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
+Author: Mats Erik Andersson <gnu@gisladisker.se>
+Date:   Mon Jan 20 13:33:52 2014 +0200
+
+    Protect against CVE-2013-6889 (tiny change).
+    
+    Reset the effective user identification in testing mode.
+
+diff --git a/src/rush.c b/src/rush.c
+index 45d737a..dc6518e 100644
+--- a/src/rush.c
++++ b/src/rush.c
+@@ -980,6 +980,10 @@ main(int argc, char **argv)
+ 	} else if (argc > optind)
+ 		die(usage_error, NULL, _("invalid command line"));
+ 	
++	/* Relinquish root privileges in test mode */
++	if (lint_option)
++		setuid(getuid());
++	
+ 	if (test_user_name) {
+ 		struct passwd *pw = getpwnam(test_user_name);
+ 		if (!pw)
author	Ludovic Courtès <ludo@gnu.org>	2016-05-26 22:51:12 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2016-05-26 22:51:12 +0200
commit	2ca55f939ca32f506a307a00f07eb2b027cfb812 (patch)
tree	17cd776586e4f7205d9c0d610c0b57812dbbbbd6 /gnu/packages/patches
parent	f01c461994307c5e19ff14bc695cdf1d813880e0 (diff)
download	guix-2ca55f939ca32f506a307a00f07eb2b027cfb812.tar.gz