kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-02-11 18:55:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

ast_coredumper: create gdbinit file with restrictive permissions

Browse Source 
Modify gdbinit to use the install command with explicit permissions (-m 600)
when creating the .ast_coredumper.gdbinit file. This ensures the file is
created with restricted permissions (readable/writable only by the owner)
to avoid potential privilege escalation.

Resolves: #GHSA-xpc6-x892-v83c
This commit is contained in:
Mike Bradeen
2026-01-15 12:43:22 -07:00
committed by George Joseph
parent 7e1834cbb1
commit ae5e8c4e01
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
contrib/scripts/ast_coredumper
View File

@@ -117,6 +117,7 @@ if $RUNNING ; then
if ${DRY_RUN} ; then
echo "Would run: ${GDB} -p $MAIN_PID -q --batch --ex gcore $cf"
else
install -m 0600 /dev/null "$cf"
${GDB} -p "$MAIN_PID" -q --batch --ex "gcore $cf" >/dev/null 2>&1
fi
echo "$(S_COR "${DRY_RUN}" 'Simulated dump' 'Dump') is complete."
@@ -245,7 +246,7 @@ fi
gdbinit=${OUTPUTDIR}/.ast_coredumper.gdbinit
trap 'rm $gdbinit' EXIT
sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0" >"$gdbinit"
install -m 600 /dev/stdin "$gdbinit" < <(sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0")
# Now iterate over the coredumps and dump the debugging info
for i in "${!COREDUMPS[@]}" ; do
@@ -295,6 +296,7 @@ for i in "${!COREDUMPS[@]}" ; do
of=${OUTPUTDIR}/${cfname}-${BASH_REMATCH[1]}
of=${of//:/-}
rm -f "$of"
install -m 0600 /dev/null "$of"
msg " Creating $of"
fi
echo -e $"$line" >> "$of"
@@ -313,6 +315,7 @@ for i in "${!COREDUMPS[@]}" ; do
rm -rf "${dest}" 2>/dev/null || :
astbindir=$(dirname "${astbin}")
install -m 0700 -d "${dest}"
mkdir -p "${dest}/tmp" "${dest}/${moddir}" "${dest}/etc" \
"${dest}/${etcdir}" "${dest}/${libdir}" "${dest}/${astbindir}"
@@ -337,6 +340,7 @@ for i in "${!COREDUMPS[@]}" ; do
cp -a "${astbin}" "${dest}/${astbin}"
rm -rf "${tf}"
msg " Creating ${tf}"
install -m 0600 /dev/null "$tf"
tar -chzf "${tf}" --transform="s/^[.]/${cfname}.output/" -C "${dest}" .
sleep 3
rm -rf "${dest}"
@@ -350,6 +354,7 @@ for i in "${!COREDUMPS[@]}" ; do
rm -rf "${dest}" 2>/dev/null || :
mkdir -p "${dest}"
cp "${OUTPUTDIR}/${cfname}"*.txt "${dest}/"
install -m 0600 /dev/null "$tf"
tar -chzf "${tf}" --transform="s/^[.]/${cfname}/" -C "${dest}" .
rm -rf "${dest}"
echo "Created $tf"