b30522c80d
mount-sanitize-paths-from-non-root-users.patch, umount-sanitize-paths-from-non-root-users.patch: prevent leaking information about existence of folders (bnc#797002, CVE-2013-0157) OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=150
85 lines
2.4 KiB
Diff
85 lines
2.4 KiB
Diff
From cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f Mon Sep 17 00:00:00 2001
|
|
From: Karel Zak <kzak@redhat.com>
|
|
Date: Mon, 26 Nov 2012 16:25:46 +0100
|
|
Subject: [PATCH] umount: sanitize paths from non-root users
|
|
|
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
|
---
|
|
sys-utils/Makefile.am | 4 +++-
|
|
sys-utils/umount.c | 32 ++++++++++++++++++++++++++++++--
|
|
2 files changed, 33 insertions(+), 3 deletions(-)
|
|
|
|
Index: util-linux-2.21.2/sys-utils/Makefile.am
|
|
===================================================================
|
|
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
|
|
+++ util-linux-2.21.2/sys-utils/Makefile.am
|
|
@@ -71,7 +71,9 @@ mount_LDADD = $(ul_libmount_la) $(SELINU
|
|
mount_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
|
|
mount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
|
|
|
|
-umount_SOURCES = umount.c $(top_srcdir)/lib/env.c
|
|
+umount_SOURCES = umount.c \
|
|
+ $(top_srcdir)/lib/env.c \
|
|
+ $(top_srcdir)/lib/canonicalize.c
|
|
umount_LDADD = $(ul_libmount_la)
|
|
umount_CFLAGS = $(AM_CFLAGS) $(SUID_CFLAGS) -I$(ul_libmount_incdir)
|
|
umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
|
|
Index: util-linux-2.21.2/sys-utils/umount.c
|
|
===================================================================
|
|
--- util-linux-2.21.2.orig/sys-utils/umount.c
|
|
+++ util-linux-2.21.2/sys-utils/umount.c
|
|
@@ -34,6 +34,7 @@
|
|
#include "env.h"
|
|
#include "optutils.h"
|
|
#include "exitcodes.h"
|
|
+#include "canonicalize.h"
|
|
|
|
static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)),
|
|
const char *filename, int line)
|
|
@@ -277,6 +278,24 @@ static int umount_one(struct libmnt_cont
|
|
return rc;
|
|
}
|
|
|
|
+/*
|
|
+ * Check path -- non-root user should not be able to resolve path which is
|
|
+ * unreadable for him.
|
|
+ */
|
|
+static char *sanitize_path(const char *path)
|
|
+{
|
|
+ char *p;
|
|
+
|
|
+ if (!path)
|
|
+ return NULL;
|
|
+
|
|
+ p = canonicalize_path_restricted(path);
|
|
+ if (!p)
|
|
+ err(MOUNT_EX_USAGE, "%s", path);
|
|
+
|
|
+ return p;
|
|
+}
|
|
+
|
|
int main(int argc, char **argv)
|
|
{
|
|
int c, rc = 0, all = 0;
|
|
@@ -388,8 +407,17 @@ int main(int argc, char **argv)
|
|
} else if (argc < 1) {
|
|
usage(stderr);
|
|
|
|
- } else while (argc--)
|
|
- rc += umount_one(cxt, *argv++);
|
|
+ } else while (argc--) {
|
|
+ char *path = *argv++;
|
|
+
|
|
+ if (mnt_context_is_restricted(cxt))
|
|
+ path = sanitize_path(path);
|
|
+
|
|
+ rc += umount_one(cxt, path);
|
|
+
|
|
+ if (mnt_context_is_restricted(cxt))
|
|
+ free(path);
|
|
+ }
|
|
|
|
mnt_free_context(cxt);
|
|
return rc;
|