Bug 108085

Summary: port devel/py-freebsd: reference counting bug
Product: Ports & Packages
Reporter: Martin Kammerhofer <dada>
Component: Individual Port(s)
Assignee: Hye-Shik Chang <perky>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description: file.diff; Flags: none

Description Martin Kammerhofer 2007-01-18 13:20:15 UTC
Bug #1:
  The Python wrapper freebsd.setprogname passes a temporary C pointer
  to setprogname(3). Libc's setprogname stashes this pointer rather than
  a copy of the referenced string. Therefore when libc uses this pointer
  later on -- e.g. for error reporting or setproctitle(3) -- it points to
  arbitrary data inside the Python interpreter.
  This bug can be trivially fixed by proper reference counting.

Bug #2:
  The Python wrapper freebsd.setproctitle passes its raw string argument
  to setproctitle(3). This is a security risk whenever the string
  contains user-supplied data and is well documented in the
  setproctitle(3) man page.

How-To-Repeat: # Bug #1:
martin@Martin:~/patches$ python2.4
Python 2.4.4 (#2, Nov 28 2006, 22:41:53) 
[GCC 3.4.6 [FreeBSD] 20060305] on freebsd6
Type "help", "copyright", "credits" or "license" for more information.
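
The two bug patterns from the description above, modelled in portable C as an added example that is not part of the original report or of the py-freebsd patch. stash_name() and set_title() are hypothetical stand-ins for setprogname(3) and setproctitle(3), every wrapper name is invented for illustration, a private heap copy stands in for the reference the report's fix would hold, and the input string is constructed.

```c
/* Added example: hypothetical stand-ins, not py-freebsd or libc code. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char *stashed_name;  /* keeps the caller's pointer, not a copy */
static char title[128];
static void stash_name(const char *name) { stashed_name = name; }

/* printf-style entry point, modelling setproctitle(const char *fmt, ...) */
static void set_title(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(title, sizeof title, fmt, ap);
    va_end(ap);
}

const char *current_name(void) { return stashed_name; }
const char *current_title(void) { return title; }

/* Bug #1 pattern: hand over a pointer into storage the caller will reuse. */
void wrapper_name_borrowed(const char *tmp) { stash_name(tmp); }

/* Fix pattern: the stashed pointer must refer to storage that stays valid
 * for as long as it is stashed (here: a copy owned by the wrapper). */
int wrapper_name_owned(const char *tmp) {
    static char *owned;
    size_t n = strlen(tmp) + 1;
    char *copy = malloc(n);
    if (copy == NULL) return -1;
    memcpy(copy, tmp, n);
    stash_name(copy);
    free(owned);          /* release the old name only after the swap */
    owned = copy;
    return 0;
}

/* Bug #2 pattern: caller-supplied data becomes the format string. */
void wrapper_title_raw(const char *user) { set_title(user); }
/* Fix pattern: constant format, caller data passed only as an argument. */
void wrapper_title_safe(const char *user) { set_title("%s", user); }

int main(void) {
    wrapper_title_raw("backup 50%% done");    /* constructed input */
    printf("raw:  %s\n", current_title());
    wrapper_title_safe("backup 50%% done");
    printf("safe: %s\n", current_title());
    return 0;
}
```

Passed as the format, `%%` collapses to `%`, which shows the callee interpreting caller data as directives; with the constant `"%s"` format the same bytes stay inert.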
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-01-18 13:20:27 UTC
Responsible Changed
From-To: freebsd-ports-bugs->perky

Over to maintainer
Comment 2 Martin Kammerhofer 2007-03-12 08:32:57 UTC
Could someone else take care please!
We have a maintainer timeout.

Martin
Comment 3 Hye-Shik Chang freebsd_committer freebsd_triage 2007-03-29 08:19:47 UTC
State Changed
From-To: open->closed

Added the patch to the port.  Thank you for the patch and sorry for 
the delay.
Comment 4 dfilter service freebsd_committer freebsd_triage 2007-03-29 08:20:15 UTC
perky       2007-03-29 07:20:09 UTC

  FreeBSD ports repository

  Modified files:
    devel/py-freebsd     Makefile 
  Added files:
    devel/py-freebsd/files patch-src-process.c 
  Log:
  - Add a patch to fix a bug on setproctitle support. [1]
  - Pass the maintainership to python@.
  
  PR:             108085
  Submitted by:   Martin Kammerhofer <dada@pluto.tugraz.at>
  
  Revision  Changes    Path
  1.12      +2 -1      ports/devel/py-freebsd/Makefile
  1.1       +52 -0     ports/devel/py-freebsd/files/patch-src-process.c (new)