M gnu/local.mk => gnu/local.mk +1 -0
@@ 717,6 717,7 @@ dist_patch_DATA = \
%D%/packages/patches/ripperx-missing-file.patch \
%D%/packages/patches/rsem-makefile.patch \
%D%/packages/patches/ruby-symlinkfix.patch \
+ %D%/packages/patches/rush-CVE-2013-6889.patch \
%D%/packages/patches/sed-hurd-path-max.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \
A gnu/packages/patches/rush-CVE-2013-6889.patch => gnu/packages/patches/rush-CVE-2013-6889.patch +23 -0
@@ 0,0 1,23 @@
+commit 00bdccd429517f12dbf37ab4397ddec3e51a2738
+Author: Mats Erik Andersson <gnu@gisladisker.se>
+Date: Mon Jan 20 13:33:52 2014 +0200
+
+ Protect against CVE-2013-6889 (tiny change).
+
+ Reset the effective user identification in testing mode.
+
+diff --git a/src/rush.c b/src/rush.c
+index 45d737a..dc6518e 100644
+--- a/src/rush.c
++++ b/src/rush.c
+@@ -980,6 +980,10 @@ main(int argc, char **argv)
+ } else if (argc > optind)
+ die(usage_error, NULL, _("invalid command line"));
+
++ /* Relinquish root privileges in test mode */
++ if (lint_option)
++ setuid(getuid());
++
+ if (test_user_name) {
+ struct passwd *pw = getpwnam(test_user_name);
+ if (!pw)
M gnu/packages/rush.scm => gnu/packages/rush.scm +3 -2
@@ 1,5 1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ 36,7 36,8 @@
(sha256
(base32
"0fh0gbbp0iiq3wbkf503xb40r8ljk42vyj9bnlflbz82d6ipy1rm"))
- (patches (search-patches "cpio-gets-undeclared.patch"))))
+ (patches (search-patches "cpio-gets-undeclared.patch"
+ "rush-CVE-2013-6889.patch"))))
(build-system gnu-build-system)
(home-page "http://www.gnu.org/software/rush/")
(synopsis "Restricted user (login) shell")