3
0
forked from pool/util-linux
util-linux/umount-sanitize-paths-from-non-root-users.patch
Petr Uzel b30522c80d - add-canonicalize_path_restricted.patch,
mount-sanitize-paths-from-non-root-users.patch,
  umount-sanitize-paths-from-non-root-users.patch:
  prevent leaking information about existence of folders
  (bnc#797002, CVE-2013-0157)

OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=150
2013-01-07 13:47:48 +00:00

85 lines
2.4 KiB
Diff

From cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 26 Nov 2012 16:25:46 +0100
Subject: [PATCH] umount: sanitize paths from non-root users
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/Makefile.am | 4 +++-
sys-utils/umount.c | 32 ++++++++++++++++++++++++++++++--
2 files changed, 33 insertions(+), 3 deletions(-)
Index: util-linux-2.21.2/sys-utils/Makefile.am
===================================================================
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
+++ util-linux-2.21.2/sys-utils/Makefile.am
@@ -71,7 +71,9 @@ mount_LDADD = $(ul_libmount_la) $(SELINU
mount_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
mount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
-umount_SOURCES = umount.c $(top_srcdir)/lib/env.c
+umount_SOURCES = umount.c \
+ $(top_srcdir)/lib/env.c \
+ $(top_srcdir)/lib/canonicalize.c
umount_LDADD = $(ul_libmount_la)
umount_CFLAGS = $(AM_CFLAGS) $(SUID_CFLAGS) -I$(ul_libmount_incdir)
umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
Index: util-linux-2.21.2/sys-utils/umount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/umount.c
+++ util-linux-2.21.2/sys-utils/umount.c
@@ -34,6 +34,7 @@
#include "env.h"
#include "optutils.h"
#include "exitcodes.h"
+#include "canonicalize.h"
static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)),
const char *filename, int line)
@@ -277,6 +278,24 @@ static int umount_one(struct libmnt_cont
return rc;
}
+/*
+ * Check path -- non-root user should not be able to resolve path which is
+ * unreadable for him.
+ */
+static char *sanitize_path(const char *path)
+{
+ char *p;
+
+ if (!path)
+ return NULL;
+
+ p = canonicalize_path_restricted(path);
+ if (!p)
+ err(MOUNT_EX_USAGE, "%s", path);
+
+ return p;
+}
+
int main(int argc, char **argv)
{
int c, rc = 0, all = 0;
@@ -388,8 +407,17 @@ int main(int argc, char **argv)
} else if (argc < 1) {
usage(stderr);
- } else while (argc--)
- rc += umount_one(cxt, *argv++);
+ } else while (argc--) {
+ char *path = *argv++;
+
+ if (mnt_context_is_restricted(cxt))
+ path = sanitize_path(path);
+
+ rc += umount_one(cxt, path);
+
+ if (mnt_context_is_restricted(cxt))
+ free(path);
+ }
mnt_free_context(cxt);
return rc;