Added a Patch to fix a local privilege escalation in udev.

CVE-2009-1185: udev did not check the origin of the netlink
messages. A local attacker could fake device create events
and so gain root privileges.

More information on:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186

diff --git a/lfs/udev b/lfs/udev
index afc9ff7ef5727dc6c2c6931ea1d219f70908f470..af563395823a958708a11762e0e978925be2c56a 100644 (file)
--- a/lfs/udev
+++ b/lfs/udev
@@ -53,7 +53,8 @@ endef
 # Top-level Rules
 ###############################################################################
 
-objects = $(DL_FILE)
+objects = $(DL_FILE) \
+       udev-CVE-2009-1186.patch
 
 download: $(objects)
 
@@ -92,6 +93,10 @@ $(OBJECT): $(objects)
                        --prefix=/usr \
                        --exec-prefix="" \
                        --sysconfdir=/etc
+
+       #This patch fixes a local privilege escalation in udev.( CVE-2009-1186 )
+       cd $(DIR_APP) && patch -Np1 -i udev-CVE-2009-1186.patch
+
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install