From 480b6f1d37dfe80928a713c718e8d898b4ef79cf Mon Sep 17 00:00:00 2001
From: woody2918
Date: Mon, 11 Mar 2024 10:00:55 +0800
Subject: [PATCH 1/3] FIX CVE-2024-2313
---
 ...ole-checking-unpacked-kernel-headers.patch | 124 ++++++++++++++++++
 bpftrace.spec | 1 +
 2 files changed, 125 insertions(+)
 create mode 100644 0001-CVE-2024-2313-Fix-security-hole-checking-unpacked-kernel-headers.patch

diff --git a/0001-CVE-2024-2313-Fix-security-hole-checking-unpacked-kernel-headers.patch b/0001-CVE-2024-2313-Fix-security-hole-checking-unpacked-kernel-headers.patch
new file mode 100644
index 0000000..45adf4e
--- /dev/null
+++ b/0001-CVE-2024-2313-Fix-security-hole-checking-unpacked-kernel-headers.patch
@@ -0,0 +1,124 @@
+From 4be4b7191acb8218240e6b7178c30fa8c9b59998 Mon Sep 17 00:00:00 2001
+From: Jordan Rome
+Date: Wed, 6 Mar 2024 13:59:05 -0500
+Subject: [PATCH] Fix security hole checking unpacked kernel headers (#3033)
+
+Make sure to check that the unpacked kheaders tar
+is owned by root to prevent bpftrace from loading
+compromised linux headers.
+
+Co-authored-by: Jordan Rome
+---
+ src/utils.cpp | 26 ++++++++++++++++++++++----
+ src/utils.h | 1 +
+ tests/utils.cpp | 21 +++++++++++++++++++++
+ 3 files changed, 44 insertions(+), 4 deletions(-)
+
+diff --git a/src/utils.cpp b/src/utils.cpp
+index 0a3af64073c..e9f412e4e9f 100644
+--- a/src/utils.cpp
++++ b/src/utils.cpp
+@@ -108,6 +108,8 @@ const struct vmlinux_location vmlinux_locs[] = {
+ { nullptr, false },
+ };
+
++constexpr std::string_view PROC_KHEADERS_PATH = "/sys/kernel/kheaders.tar.xz";
++
+ static bool pid_in_different_mountns(int pid);
+ static std::vector resolve_binary_path(const std::string &cmd,
+ const char *env_paths,
+@@ -683,6 +685,20 @@ bool is_dir(const std::string &path)
+ return std_filesystem::is_directory(buf, ec);
+ }
+
++bool file_exists_and_ownedby_root(const char *f)
++{
++ struct stat st;
++ if (stat(f, &st) == 0) {
++ if (st.st_uid != 0) {
++ LOG(ERROR) << "header file ownership expected to be root: "
++ << std::string(f);
++ return false;
++ }
++ return true;
++ }
++ return false;
++}
++
+ namespace {
+ struct KernelHeaderTmpDir {
+ KernelHeaderTmpDir(const std::string &prefix) : path{ prefix + "XXXXXX" }
+@@ -721,14 +737,14 @@ std::string unpack_kheaders_tar_xz(const struct utsname &utsname)
+ #else
+ std_filesystem::path path_prefix{ "/tmp" };
+ #endif
+- std_filesystem::path path_kheaders{ "/sys/kernel/kheaders.tar.xz" };
++ std_filesystem::path path_kheaders{ PROC_KHEADERS_PATH };
+ if (const char *tmpdir = ::getenv("TMPDIR")) {
+ path_prefix = tmpdir;
+ }
+ path_prefix /= "kheaders-";
+ std_filesystem::path shared_path{ path_prefix.string() + utsname.release };
+
+- if (std_filesystem::exists(shared_path, ec)) {
++ if (file_exists_and_ownedby_root(shared_path.c_str())) {
+ // already unpacked
+ return shared_path.string();
+ }
+@@ -749,8 +765,10 @@ std::string unpack_kheaders_tar_xz(const struct utsname &utsname)
+
+ KernelHeaderTmpDir tmpdir{ path_prefix };
+
+- FILE *tar = ::popen(
+- ("tar xf /sys/kernel/kheaders.tar.xz -C " + tmpdir.path).c_str(), "w");
++ FILE *tar = ::popen(("tar xf " + std::string(PROC_KHEADERS_PATH) + " -C " +
++ tmpdir.path)
++ .c_str(),
++ "w");
+ if (!tar) {
+ return "";
+ }
+diff --git a/src/utils.h b/src/utils.h
+index c6f78495bd7..e048b037480 100644
+--- a/src/utils.h
++++ b/src/utils.h
+@@ -174,6 +174,7 @@ std::vector get_wildcard_tokens(const std::string &input,
+ std::vector get_online_cpus();
+ std::vector get_possible_cpus();
+ bool is_dir(const std::string &path);
++bool file_exists_and_ownedby_root(const char *f);
+ std::tuple get_kernel_dirs(
+ const struct utsname &utsname,
+ bool unpack_kheaders = true);
+diff --git a/tests/utils.cpp b/tests/utils.cpp
+index d5f8a2d760a..e996f5a458f 100644
+--- a/tests/utils.cpp
++++ b/tests/utils.cpp
+@@ -358,6 +358,27 @@ TEST(utils, get_pids_for_program)
+ ASSERT_EQ(pids.size(), 0);
+ }
+
++TEST(utils, file_exists_and_ownedby_root)
++{
++ std::string tmpdir = "/tmp/bpftrace-test-utils-XXXXXX";
++ std::string file1 = "/ownedby-user";
++ std::string file2 = "/no-exists";
++ if (::mkdtemp(tmpdir.data()) == nullptr) {
++ throw std::runtime_error("creating temporary path for tests failed");
++ }
++
++ int fd;
++ fd = open((tmpdir + file1).c_str(), O_CREAT, S_IRUSR);
++ close(fd);
++ ASSERT_GE(fd, 0);
++
++ EXPECT_FALSE(file_exists_and_ownedby_root((tmpdir + file1).c_str()));
++ EXPECT_FALSE(file_exists_and_ownedby_root((tmpdir + file2).c_str()));
++ EXPECT_TRUE(file_exists_and_ownedby_root("/proc/1/maps"));
++
++ EXPECT_GT(std_filesystem::remove_all(tmpdir), 0);
++}
++
+ } // namespace utils
+ } // namespace test
+ } // namespace bpftrace
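Review bot: `file_exists_and_ownedby_root` in the embedded `src/utils.cpp` hunk accepts any root-owned path, so a root-owned but group- or world-writable `kheaders-<release>` directory still passes and its contents are then trusted as kernel headers; after the uid check it should also reject `st.st_mode & (S_IWGRP | S_IWOTH)`. `stat()` follows symlinks, so the check describes the link target rather than the entry that actually sits under `/tmp`; if the entry itself is what should be validated, `lstat()` (or checking both) is the safer choice. On the rewritten `popen` line `tmpdir.path`, which is derived from `TMPDIR`, is still spliced unquoted into a shell command string; an argv-based exec or explicit quoting would keep the shell out of that path. The added test expects a file created by the test process to be rejected, which fails when the suite runs as root because the file is then root-owned, so that expectation should be skipped or adjusted for uid 0. `unpack_kheaders_tar_xz` is only partly visible in these hunks.
```cpp
bool file_exists_and_ownedby_root(const char *f)
{
  struct stat st;
  if (stat(f, &st) != 0) {
    return false;
  }
  if (st.st_uid != 0) {
    LOG(ERROR) << "header file ownership expected to be root: "
               << std::string(f);
    return false;
  }
  // Root ownership alone is not enough: a path other users can write to
  // can still be replaced underneath us.
  if (st.st_mode & (S_IWGRP | S_IWOTH)) {
    LOG(ERROR) << "header file must not be group/world writable: "
               << std::string(f);
    return false;
  }
  return true;
}
```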
diff --git a/bpftrace.spec b/bpftrace.spec
index 6fac9bd..8ecc7c6 100644
--- a/bpftrace.spec
+++ b/bpftrace.spec
@@ -6,6 +6,7 @@ License: ASL 2.0
 URL: https://github.com/iovisor/bpftrace
 Source0: %{url}/archive/refs/tags/v%{version}.tar.gz
+Patch001: 0001-CVE-2024-2313-Fix-security-hole-checking-unpacked-kernel-headers.patch
 # Arches will be included as upstream support is added and dependencies are
 # satisfied in the respective arches
-- 
Gitee

From c8db5e167313daa3a3d1a7f8c04a57a7ee5b0f31 Mon Sep 17 00:00:00 2001
From: woody2918
Date: Mon, 18 Mar 2024 06:16:08 +0000
Subject: [PATCH 2/3] =?UTF-8?q?update=20bpftrace.spec.=20=E4=BF=AE?= =?UTF-8?q?=E5=A4=8DCVE=EF=BC=8C=E5=8D=87=E7=BA=A7=E7=89=88=E6=9C=AC?= =?UTF-8?q?=E3=80=81=E6=B7=BB=E5=8A=A0changelog=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: woody2918
---
 bpftrace.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/bpftrace.spec b/bpftrace.spec
index 8ecc7c6..b0d4f52 100644
--- a/bpftrace.spec
+++ b/bpftrace.spec
@@ -1,6 +1,6 @@
 Name: bpftrace
 Version: 0.19.1
-Release: 1
+Release: 2
 Summary: High-level tracing language for Linux eBPF
 License: ASL 2.0
@@ -69,6 +69,9 @@ find %{buildroot}%{_datadir}/%{name}/tools -type f -exec \
 %changelog
+* Mon Mar 18 2024 woody2918 - 0.29.1-2
+- Fix CVE-2024-2314
+
 * Mon Jan 08 2024 Paul Thomas - 0.19.1-1
 - update to version 0.19.1
-- 
Gitee

From 6a798ffbd22b4f8006e1d5b9e15e47e769a67f74 Mon Sep 17 00:00:00 2001
From: woody2918
Date: Mon, 18 Mar 2024 06:48:39 +0000
Subject: [PATCH 3/3] =?UTF-8?q?update=20bpftrace.spec.=20=E4=BF=AE?= =?UTF-8?q?=E6=94=B9changelog=E4=B8=AD=E7=9A=84=E9=94=99=E8=AF=AF=E7=89=88?= =?UTF-8?q?=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: woody2918
---
 bpftrace.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
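Review bot: `Patch001:` is declared in the `@@ -6,6 +6,7 @@` hunk, but nothing in the hunk shows `%prep` applying it; if `%prep` uses plain `%setup` rather than `%autosetup -p1` (or an explicit `%patch001 -p1`), the fix is listed in the spec yet never reaches the built binary while the package metadata reads as patched. `%prep` is outside the hunk, so this needs confirming in the full spec. The patch file name and the 1/3 subject say CVE-2024-2313, whereas the changelog entry added by patches 2/3 and 3/3 of this series reads `- Fix CVE-2024-2314`; one of the two identifiers is wrong and the changelog should name the CVE the applied patch actually addresses.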
diff --git a/bpftrace.spec b/bpftrace.spec
index b0d4f52..584f96b 100644
--- a/bpftrace.spec
+++ b/bpftrace.spec
@@ -69,7 +69,7 @@ find %{buildroot}%{_datadir}/%{name}/tools -type f -exec \
 %changelog
-* Mon Mar 18 2024 woody2918 - 0.29.1-2
+* Mon Mar 18 2024 woody2918 - 0.19.1-2
 - Fix CVE-2024-2314
 * Mon Jan 08 2024 Paul Thomas - 0.19.1-1
-- 
Gitee