A security flaw was found in the way Performance Co-Pilot (PCP), a framework and services to support system-level performance monitoring and performance management, performed management of its temporary files used by various services from the suite. A local attacker could use this flaw to conduct symbolic link attacks (alter or remove different system files, accessible with the privileges of the user running the PCP suite, than it was originally intended).

References:
[1] https://bugzilla.novell.com/show_bug.cgi?id=782967 (private)
Preliminary embargo date for this issue has been set up to this Friday, 2012-11-16.
Acknowledgements: Red Hat would like to thank SUSE Security Team for reporting this issue. SUSE Security Team acknowledges Thomas Biege of SUSE as the original issue reporter.
Created attachment 644042
Preliminary form of proposed patch created by David Disseldorp of SUSE

Note: Might not be complete. Subsequent versions (if any) will be attached here too as soon as we have received them.
Created attachment 644747
Archive with updated patches
FYI - discussing the patches further with David (ddiss at suse - original fix author) we have identified one further fix and a regression in his original fixes. Both will be attached shortly. David has these too now, but perhaps they should be sent out to any other distributors.

With these, the PCP testsuite is looking in fairly good shape at this stage.

cheers.

--
Nathan
Created attachment 646265
Fix a minor regression introduced in pcp(1) command from original tmpfile fixes
Created attachment 646266
Close possible races in scripted creation of pcp temp dirs by having packages create them
(In reply to comment #8)
> FYI - discussing the patches further with David (ddiss at suse - original
> fix author) we have identified one further fix and a regression in his
> original fixes. Both will be attached shortly. David has these too now,
> but perhaps they should be sent out to any other distributors.

Thank you for pointing out, Nathan. Do you possibly know from David if he has contacted the SUSE Security Team to re-send the patches? Or is Red Hat Security Response Team expected to do that? Can you clarify either of the options?

> With these, the PCP testsuite is looking in fairly good shape at this stage.
>
> cheers.
>
> --
> Nathan

Thank you, Jan.
David has definitely contacted the SUSE security folks - was just CC'd on their latest patchset and it includes these two fixes now (was also CC'd to members of the SUSE security team). AIUI there is no expectation that the Red Hat security team will need to propagate any patches (I will confirm that with them too).

My current understanding is that SUSE will provide their full patch series, and I'll be doing the upstream merging (and a pcp-3.6.10 release) which includes all these patches, and also the devtoolset and Fedora updates on Monday (19th Nov).

cheers.

--
Nathan
Public via: https://bugzilla.novell.com/show_bug.cgi?id=782967
Created pcp tracking bugs for this issue
Affects: fedora-all [bug 877983]
Affects: epel-all [bug 877984]
pcp-3.6.10-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
pcp-3.6.10-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
pcp-3.6.10-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
pcp-3.6.10-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
pcp-3.6.10-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.