1 files changed, 0 insertions, 44 deletions

diff --git a/app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch b/app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch
deleted file mode 100644
index 9746f6ffca64..000000000000
--- a/app-emulation/xen-tools/files/xen-tools-3.1.1-insecure-file-creation-fix.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-
-# HG changeset patch
-# User Keir Fraser <keir@xensource.com>
-# Date 1193128003 -3600
-# Node ID b28ae5f00553ea053bd4e4576634d8ea49e77bc3
-# Parent 118a21c66fd53a08d7191159e5b2888f8d9e4ad2
-xenmon: Fix security vulnerability CVE-2007-3919.
-
-The xenbaked daemon and xenmon utility communicate via a mmap'ed
-shared file. Since this file is located in /tmp, unprivileged users
-can cause arbitrary files to be truncated by creating a symlink from
-the well-known /tmp filename to e.g., /etc/passwd.
-
-The fix is to place the shared file in a directory to which only root
-should have access (in this case /var/run/).
-
-This bug was reported, and the fix suggested, by Steve Kemp
-<skx@debian.org>. Thanks!
-
-Signed-off-by: Keir Fraser <keir@xensource.com>
-
---- a/tools/xenmon/xenbaked.c	Mon Oct 22 21:06:11 2007 +0100
-+++ b/tools/xenmon/xenbaked.c	Tue Oct 23 09:26:43 2007 +0100
-@@ -589,7 +589,7 @@ error_t cmd_parser(int key, char *arg, s
-     return 0;
- }
- 
--#define SHARED_MEM_FILE "/tmp/xenq-shm"
-+#define SHARED_MEM_FILE "/var/run/xenq-shm"
- void alloc_qos_data(int ncpu)
- {
-     int i, n, pgsize, off=0;
---- a/tools/xenmon/xenmon.py	Mon Oct 22 21:06:11 2007 +0100
-+++ b/tools/xenmon/xenmon.py	Tue Oct 23 09:26:43 2007 +0100
-@@ -46,7 +46,7 @@ QOS_DATA_SIZE = struct.calcsize(ST_QDATA
- QOS_DATA_SIZE = struct.calcsize(ST_QDATA)*NSAMPLES + struct.calcsize(ST_DOM_INFO)*NDOMAINS + struct.calcsize("4i")
- 
- # location of mmaped file, hard coded right now
--SHM_FILE = "/tmp/xenq-shm"
-+SHM_FILE = "/var/run/xenq-shm"
- 
- # format strings
- TOTALS = 15*' ' + "%6.2f%%" + 35*' ' + "%6.2f%%"
-