forked from pool/util-linux
034a75e444
- add-canonicalize_path_restricted.patch, mount-sanitize-paths-from-non-root-users.patch, umount-sanitize-paths-from-non-root-users.patch: prevent leaking information about existence of folders (bnc#797002, CVE-2013-0157) OBS-URL: https://build.opensuse.org/request/show/147398 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/util-linux?expand=0&rev=154
103 lines
2.9 KiB
Diff
103 lines
2.9 KiB
Diff
From 5ebbc3865d1e53ef42e5f121c41faab23dd59075 Mon Sep 17 00:00:00 2001
|
|
From: Karel Zak <kzak@redhat.com>
|
|
Date: Mon, 26 Nov 2012 14:30:22 +0100
|
|
Subject: [PATCH] mount: sanitize paths from non-root users
|
|
|
|
$ mount /root/.ssh/../../dev/sda2
|
|
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
|
|
|
|
this is too promiscuous. It seems better to ignore on command line
|
|
specified paths which are not resolve-able for non-root users.
|
|
|
|
Fixed version:
|
|
|
|
$ mount /root/.ssh/../../dev/sda2
|
|
mount: /root/.ssh/../../dev/sda2: Permission denied
|
|
|
|
$ mount /dev/sda2
|
|
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
|
|
|
|
Note that this bug has no relation to mount(2) permissions evaluation
|
|
in suid mode. The way how non-root user specifies paths on command
|
|
line is completely irrelevant for comparison with fstab entries.
|
|
|
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
|
|
---
|
|
sys-utils/Makefile.am | 1 +
|
|
sys-utils/mount.c | 35 +++++++++++++++++++++++++++++++++++
|
|
2 files changed, 36 insertions(+)
|
|
|
|
Index: util-linux-2.21.2/sys-utils/Makefile.am
|
|
===================================================================
|
|
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
|
|
+++ util-linux-2.21.2/sys-utils/Makefile.am
|
|
@@ -64,6 +64,7 @@ dist_man_MANS += mount.8 ../mount/fstab.
|
|
mount_SOURCES = mount.c \
|
|
$(top_srcdir)/lib/env.c \
|
|
$(top_srcdir)/lib/xgetpass.c \
|
|
+ $(top_srcdir)/lib/canonicalize.c \
|
|
$(top_srcdir)/lib/strutils.c
|
|
|
|
mount_LDADD = $(ul_libmount_la) $(SELINUX_LIBS)
|
|
Index: util-linux-2.21.2/sys-utils/mount.c
|
|
===================================================================
|
|
--- util-linux-2.21.2.orig/sys-utils/mount.c
|
|
+++ util-linux-2.21.2/sys-utils/mount.c
|
|
@@ -38,6 +38,7 @@
|
|
#include "strutils.h"
|
|
#include "exitcodes.h"
|
|
#include "xalloc.h"
|
|
+#include "canonicalize.h"
|
|
|
|
/*** TODO: DOCS:
|
|
*
|
|
@@ -572,6 +573,37 @@ static struct libmnt_table *append_fstab
|
|
return fstab;
|
|
}
|
|
|
|
+/*
|
|
+ * Check source and target paths -- non-root user should not be able to
|
|
+ * resolve paths which are unreadable for him.
|
|
+ */
|
|
+static void sanitize_paths(struct libmnt_context *cxt)
|
|
+{
|
|
+ const char *p;
|
|
+ struct libmnt_fs *fs = mnt_context_get_fs(cxt);
|
|
+
|
|
+ if (!fs)
|
|
+ return;
|
|
+
|
|
+ p = mnt_fs_get_target(fs);
|
|
+ if (p) {
|
|
+ char *np = canonicalize_path_restricted(p);
|
|
+ if (!np)
|
|
+ err(MOUNT_EX_USAGE, "%s", p);
|
|
+ mnt_fs_set_target(fs, np);
|
|
+ free(np);
|
|
+ }
|
|
+
|
|
+ p = mnt_fs_get_srcpath(fs);
|
|
+ if (p) {
|
|
+ char *np = canonicalize_path_restricted(p);
|
|
+ if (!np)
|
|
+ err(MOUNT_EX_USAGE, "%s", p);
|
|
+ mnt_fs_set_source(fs, np);
|
|
+ free(np);
|
|
+ }
|
|
+}
|
|
+
|
|
static void __attribute__((__noreturn__)) usage(FILE *out)
|
|
{
|
|
fputs(USAGE_HEADER, out);
|
|
@@ -880,6 +912,9 @@ int main(int argc, char **argv)
|
|
} else
|
|
usage(stderr);
|
|
|
|
+ if (mnt_context_is_restricted(cxt))
|
|
+ sanitize_paths(cxt);
|
|
+
|
|
if (oper) {
|
|
/* MS_PROPAGATION operations, let's set the mount flags */
|
|
mnt_context_set_mflags(cxt, oper);
|