Add simple fix for CVE-2019-5021 (patching Buildroot's file)

Tianon Gravi 2019-05-08 16:08:27 -07:00
parent 80983244a3
commit 304f1f4bc6
3 changed files with 13 additions and 1 deletions


@ -121,6 +121,10 @@ RUN set -ex; \
for f in passwd shadow group; do \
curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \
done; \
# CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
grep -E '^root::' rootfs/etc/shadow; \
sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
grep -E '^root:[*]:' rootfs/etc/shadow; \
# set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt)
curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \
awk ' \
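Review bot: The post-condition on the last added line, `grep -E '^root:[*]:' rootfs/etc/shadow`, only proves that root's entry is locked, so any other account in the Buildroot skeleton with an empty password field would still pass the build. Asserting the property for the whole file closes that gap, for example by adding `awk -F: '$2 == "" { exit 1 }' rootfs/etc/shadow; \` after the sed. The leading `grep -E '^root::'` also fails the build under `set -ex` once upstream stops shipping the empty field, which looks intentional as a signal to drop the patch; a short comment such as `# fails on purpose once upstream no longer ships root::` would record that. The same four lines are added in the other two file sections on this page, and the RUN instruction begins and ends outside each hunk.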


@ -108,6 +108,10 @@ RUN set -ex; \
for f in passwd shadow group; do \
curl -fL -o "rootfs/etc/$f" "https://git.busybox.net/buildroot/plain/system/skeleton/etc/$f?id=$buildrootVersion"; \
done; \
# CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
grep -E '^root::' rootfs/etc/shadow; \
sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
grep -E '^root:[*]:' rootfs/etc/shadow; \
# set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt)
curl -fL -o buildroot-device-table.txt "https://git.busybox.net/buildroot/plain/system/device_table.txt?id=$buildrootVersion"; \
awk ' \


@ -244,6 +244,10 @@ RUN set -ex; \
"../buildroot/system/skeleton/etc/$f" \
"rootfs/etc/$f"; \
done; \
# CVE-2019-5021, https://github.com/docker-library/official-images/pull/5880#issuecomment-490681907
grep -E '^root::' rootfs/etc/shadow; \
sed -ri -e 's/^root::/root:*:/' rootfs/etc/shadow; \
grep -E '^root:[*]:' rootfs/etc/shadow; \
# set expected permissions, etc too (https://git.busybox.net/buildroot/tree/system/device_table.txt)
awk ' \
!/^#/ { \
@ -257,7 +261,7 @@ RUN set -ex; \
} \
printf "chmod %s %s\n", $3, $1; \
} \
' "../buildroot/system/device_table.txt" | bash -Eeuo pipefail -x
' ../buildroot/system/device_table.txt | bash -Eeuo pipefail -x
# create missing home directories
RUN set -ex \