Contents of /trunk/util-linux/patches/util-linux-2.12r-setuid-checks.patch
Revision 392 -
Mon Nov 5 11:02:29 2007 UTC (16 years, 10 months ago) by niro
File size: 1860 byte(s)
-security update, fixes CVE-2007-5191
1 | From: Ludwig Nussel <ludwig.nussel@suse.de> |
2 | Date: Thu, 20 Sep 2007 12:57:20 +0000 (+0200) |
3 | Subject: mount: doesn't drop privileges properly when calling helpers |
4 | X-Git-Url: http://git.kernel.org/?p=utils%2Futil-linux-ng%2Futil-linux-ng.git;a=commitdiff_plain;h=ebbeb2c7ac1b00b6083905957837a271e80b187e |
5 | |
6 | mount: doesn't drop privileges properly when calling helpers |
7 | |
8 | {,u}mount calls setuid() and setgid() in the wrong order and doesn't check |
9 | the return value of set{u,g}id() when running helpers like mount.nfs. |
10 | |
11 | Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de> |
12 | Signed-off-by: Karel Zak <kzak@redhat.com> |
13 | --- |
14 | |
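diff --git a/mount/mount.c b/mount/mount.c
index 40699f3..5bc2b30 100644
--- a/mount/mount.c
+++ b/mount/mount.c
@@ -634,8 +634,12 @@ check_special_mountprog(const char *spec, const char *node, const char *type, in
 char *oo, *mountargs[10];
 int i = 0;
 
- setuid(getuid());
- setgid(getgid());
+ if(setgid(getgid()) < 0)
+ die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
+
+ if(setuid(getuid()) < 0)
+ die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+
 oo = fix_opts_string (flags, extra_opts, NULL);
 mountargs[i++] = mountprog; /* 1 */
 mountargs[i++] = (char *) spec; /* 2 */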
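Review bot: The reordered calls in check_special_mountprog carry no comment saying why setgid() must come before setuid(), so a later cleanup could swap them back without noticing. Once setuid() has given up root, the process is no longer allowed to change its group, which is why the order matters. A one-line comment above the first check would record that, e.g. `/* drop gid first: after setuid() we may no longer change gid */`. The same applies to the identical sequence in check_special_umountprog in mount/umount.c. The function body starts and ends outside the hunk, so the surrounding context of the drop (for example whether it runs in a forked child) is not visible here.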
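diff --git a/mount/umount.c b/mount/umount.c
index b3100c9..3221619 100644
--- a/mount/umount.c
+++ b/mount/umount.c
@@ -102,8 +102,12 @@ check_special_umountprog(const char *spec, const char *node,
 char *umountargs[8];
 int i = 0;
 
- setuid(getuid());
- setgid(getgid());
+ if(setgid(getgid()) < 0)
+ die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno));
+
+ if(setuid(getuid()) < 0)
+ die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno));
+
 umountargs[i++] = umountprog;
 umountargs[i++] = xstrdup(node);
 if (nomtab)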
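Review bot: The added `if(setgid(getgid()) < 0)` and `if(setuid(getuid()) < 0)` lines have no space after `if`, while the context line `if (nomtab)` in the same hunk uses one; `if (setgid(getgid()) < 0)` would match the surrounding style. The six added lines also repeat the sequence added to mount/mount.c, differing only in the program name in the message. A small shared helper taking that name as an argument would keep the two privilege-drop paths from drifting apart. check_special_umountprog continues past the end of the hunk.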