Annotation of /trunk/util-linux/patches/util-linux-2.12r-setuid-checks.patch
Revision 392 -
Mon Nov 5 11:02:29 2007 UTC (16 years, 10 months ago) by niro
File size: 1860 byte(s)
-security update, fixes CVE-2007-5191
1 | niro | 392 | From: Ludwig Nussel <ludwig.nussel@suse.de> |
2 | Date: Thu, 20 Sep 2007 12:57:20 +0000 (+0200) | ||
3 | Subject: mount: doesn't drop privileges properly when calling helpers | ||
4 | X-Git-Url: http://git.kernel.org/?p=utils%2Futil-linux-ng%2Futil-linux-ng.git;a=commitdiff_plain;h=ebbeb2c7ac1b00b6083905957837a271e80b187e | ||
5 | |||
6 | mount: doesn't drop privileges properly when calling helpers | ||
7 | |||
8 | {,u}mount calls setuid() and setgid() in the wrong order and doesn't check | ||
9 | the return value of set{u,g}id() when running helpers like mount.nfs. | ||
10 | |||
11 | Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de> | ||
12 | Signed-off-by: Karel Zak <kzak@redhat.com> | ||
13 | --- | ||
14 | |||
15 | diff --git a/mount/mount.c b/mount/mount.c | ||
16 | index 40699f3..5bc2b30 100644 | ||
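--- a/mount/mount.c
+++ b/mount/mount.c
@@ -634,8 +634,12 @@ check_special_mountprog(const char *spec, const char *node, const char *type, in
 char *oo, *mountargs[10];
 int i = 0;
 
- setuid(getuid());
- setgid(getgid());
+ if(setgid(getgid()) < 0)
+ die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
+
+ if(setuid(getuid()) < 0)
+ die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+
 oo = fix_opts_string (flags, extra_opts, NULL);
 mountargs[i++] = mountprog; /* 1 */
 mountargs[i++] = (char *) spec; /* 2 */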
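Review bot: The corrected order (group id before user id) is not explained in the code, so a later cleanup could swap the two calls back without noticing the regression. A comment above the `setgid` check would prevent that, for example `/* gid first: after setuid() drops root, setgid() can no longer reset the saved group id */`. The same comment belongs on the identical lines in the mount/umount.c hunk. check_special_mountprog starts and ends outside this hunk, so the context these calls run in cannot be confirmed from here.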
34 | diff --git a/mount/umount.c b/mount/umount.c | ||
35 | index b3100c9..3221619 100644 | ||
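--- a/mount/umount.c
+++ b/mount/umount.c
@@ -102,8 +102,12 @@ check_special_umountprog(const char *spec, const char *node,
 char *umountargs[8];
 int i = 0;
 
- setuid(getuid());
- setgid(getgid());
+ if(setgid(getgid()) < 0)
+ die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno));
+
+ if(setuid(getuid()) < 0)
+ die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno));
+
 umountargs[i++] = umountprog;
 umountargs[i++] = xstrdup(node);
 if (nomtab)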
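Review bot: A zero return from `setuid(getuid())` is treated here as proof that the drop is permanent, but that holds only if the process still had root as its effective uid at this point, which the hunk does not show. If that is not guaranteed, a follow-up check after the two calls, such as `if (getuid() != 0 && setuid(0) == 0) die(EX_FAIL, _("umount: privileges were not dropped"));`, would catch a retained saved uid before the helper is run. The same applies to the mount/mount.c hunk. check_special_umountprog continues outside this hunk.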