authorFrank Ch. Eigler <fche@elastic.org>2009-03-25 10:44:55 -0400
committerFrank Ch. Eigler <fche@elastic.org>2009-03-25 10:47:24 -0400
commitb41a544e20a42413daa0323d2f149e9e34586ccf (patch)
tree2844187b81170df4c34a580824a5b7f301a9ba85 /runtime/staprun/staprun_funcs.c
parent882ddac13d8a821b93d4f9d2b7a16c9322ee46b6 (diff)
Fix for CVE-2009-0784: stapusr module-path checking race
* runtime/staprun/staprun_funcs.c (check_path): Save fully canonicalized and checked module path for later loading.
Diffstat (limited to 'runtime/staprun/staprun_funcs.c')
-rw-r--r--runtime/staprun/staprun_funcs.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 5e7fa102..e94e5d13 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -269,6 +269,15 @@ check_path(void)
return -1;
}
+ /* Overwrite the modpath with the canonicalized one, to defeat
+ a possible race between path checking below and somewhat later
+ module loading. */
+ modpath = strdup (module_realpath);
+ if (modpath == NULL) {
+ _perr("allocating memory failed");
+ exit (1);
+ }
+
/* To make sure the user can't specify something like
* /lib/modules/`uname -r`/systemtapmod.ko, put a '/' on the
* end of staplib_dir_realpath. */
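Review bot: The canonical copy stored by `modpath = strdup (module_realpath);` closes the race only if the later module load, which is outside this hunk and presumably reopens the file by this name, cannot be redirected again. A path-based check followed by a path-based open stays safe only while every directory component of `module_realpath` is writable by root alone. A comment recording that assumption would help, e.g. `/* relies on the checked directory tree being writable only by root until the module is loaded */`; checking and loading through one already-open file descriptor would remove the dependency altogether. The new error path also calls `exit (1)` where the failure path just above returns -1, so `return -1;` would keep check_path's error handling consistent. check_path begins and ends outside the hunk.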