nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
Thomas Gerbet 82a6b7b258 trousers: 0.3.14 -> 0.3.15
Fix CVE-2020-24332, CVE-2020-24330 and CVE-2020-24331.
2021-01-26 22:49:13 +01:00

20 lines
774 B
Diff

diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/tcsd_conf.c
--- trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c 2013-07-12 18:27:37.000000000 +0200
+++ trousers-0.3.11.2/src/tcsd/tcsd_conf.c 2013-08-21 14:29:42.917231648 +0200
@@ -763,6 +763,7 @@
return TCSERR(TSS_E_INTERNAL_ERROR);
}
+#ifndef ALLOW_NON_TSS_CONFIG_FILE
/* make sure user/group TSS owns the conf file */
if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) {
LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
@@ -775,6 +776,7 @@
LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file);
return TCSERR(TSS_E_INTERNAL_ERROR);
}
+#endif
#endif /* SOLARIS */
if ((f = fopen(tcsd_config_file, "r")) == NULL) {