[kernel] r18840 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Mar 14 02:52:35 UTC 2012 

Author: dannf
Date: Wed Mar 14 02:52:34 2012
New Revision: 18840

Log:
ecryptfs: Add mount option to check uid of device being mounted =
expect uid (CVE-2011-1833)

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog	Wed Mar 14 01:17:27 2012	(r18839)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Wed Mar 14 02:52:34 2012	(r18840)
@@ -1,6 +1,8 @@
 linux-2.6 (2.6.32-41squeeze1) UNRELEASED; urgency=high
 
   * ext4: fix undefined behavior in ext4_fill_flex_info() (CVE-2009-4307)
+  * ecryptfs: Add mount option to check uid of device being mounted =
+    expect uid (CVE-2011-1833)
 
  -- dann frazier <dannf at debian.org>  Tue, 13 Mar 2012 19:04:18 -0600
 

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch	Wed Mar 14 02:52:34 2012	(r18840)
@@ -0,0 +1,134 @@
+From tim.gardner at canonical.com  Wed Feb 15 14:06:11 2012
+From: Tim Gardner <tim.gardner at canonical.com>
+Date: Wed, 15 Feb 2012 14:14:06 -0700
+Subject: Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833
+To: stable at vger.kernel.org, gregkh at linuxfoundation.org
+Cc: Tim Gardner <tim.gardner at canonical.com>, John Johansen <john.johansen at canonical.com>, <stable at kernel.org>, Tyler Hicks <tyler.hicks at canonical.com>
+Message-ID: <1329340446-126150-1-git-send-email-tim.gardner at canonical.com>
+
+From: John Johansen <john.johansen at canonical.com>
+
+(backported from commit 764355487ea220fdc2faf128d577d7f679b91f97)
+
+Close a TOCTOU race for mounts done via ecryptfs-mount-private.  The mount
+source (device) can be raced when the ownership test is done in userspace.
+Provide Ecryptfs a means to force the uid check at mount time.
+
+BugLink: http://bugs.launchpad.net/bugs/732628
+Signed-off-by: John Johansen <john.johansen at canonical.com>
+Signed-off-by: Tyler Hicks <tyler.hicks at canonical.com>
+Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+[dannf: apply to Debian's 2.6.32]
+---
+ fs/ecryptfs/main.c |   30 +++++++++++++++++++++++++-----
+ 1 file changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
+index c6ac85d..f6cd392 100644
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -212,7 +212,8 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
+        ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
+        ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
+        ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
+-       ecryptfs_opt_unlink_sigs, ecryptfs_opt_err };
++       ecryptfs_opt_unlink_sigs, ecryptfs_opt_check_dev_ruid,
++       ecryptfs_opt_err };
+ 
+ static const match_table_t tokens = {
+ 	{ecryptfs_opt_sig, "sig=%s"},
+@@ -227,6 +228,7 @@ static const match_table_t tokens = {
+ 	{ecryptfs_opt_fn_cipher, "ecryptfs_fn_cipher=%s"},
+ 	{ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
+ 	{ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
++	{ecryptfs_opt_check_dev_ruid, "ecryptfs_check_dev_ruid"},
+ 	{ecryptfs_opt_err, NULL}
+ };
+ 
+@@ -270,6 +272,7 @@ static void ecryptfs_init_mount_crypt_stat(
+  * ecryptfs_parse_options
+  * @sb: The ecryptfs super block
+  * @options: The options pased to the kernel
++ * @check_ruid: set to 1 if device uid should be checked against the ruid
+  *
+  * Parse mount options:
+  * debug=N 	   - ecryptfs_verbosity level for debug output
+@@ -285,7 +288,8 @@ static void ecryptfs_init_mount_crypt_stat(
+  *
+  * Returns zero on success; non-zero on error
+  */
+-static int ecryptfs_parse_options(struct super_block *sb, char *options)
++static int ecryptfs_parse_options(struct super_block *sb, char *options,
++					uid_t *check_ruid)
+ {
+ 	char *p;
+ 	int rc = 0;
+@@ -310,6 +314,8 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
+ 	char *cipher_key_bytes_src;
+ 	char *fn_cipher_key_bytes_src;
+ 
++	*check_ruid = 0;
++
+ 	if (!options) {
+ 		rc = -EINVAL;
+ 		goto out;
+@@ -410,6 +416,9 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
+ 		case ecryptfs_opt_unlink_sigs:
+ 			mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS;
+ 			break;
++		case ecryptfs_opt_check_dev_ruid:
++			*check_ruid = 1;
++			break;
+ 		case ecryptfs_opt_err:
+ 		default:
+ 			printk(KERN_WARNING
+@@ -551,7 +560,8 @@ out:
+  * ecryptfs_interpose to create our initial inode and super block
+  * struct.
+  */
+-static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
++static int ecryptfs_read_super(struct super_block *sb, const char *dev_name,
++				uid_t check_ruid)
+ {
+ 	struct path path;
+ 	int rc;
+@@ -561,6 +571,15 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
+ 		ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
+ 		goto out;
+ 	}
++
++	if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
++		rc = -EPERM;
++		printk(KERN_ERR "Mount of device (uid: %d) not owned by "
++		       "requested user (uid: %d)\n",
++		       path.dentry->d_inode->i_uid, current_uid());
++		goto out_free;
++	}
++
+ 	ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
+ 	sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+ 	sb->s_blocksize = path.dentry->d_sb->s_blocksize;
+@@ -599,6 +618,7 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
+ {
+ 	int rc;
+ 	struct super_block *sb;
++	uid_t check_ruid;
+ 
+ 	rc = get_sb_nodev(fs_type, flags, raw_data, ecryptfs_fill_super, mnt);
+ 	if (rc < 0) {
+@@ -606,12 +626,12 @@ static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags,
+ 		goto out;
+ 	}
+ 	sb = mnt->mnt_sb;
+-	rc = ecryptfs_parse_options(sb, raw_data);
++	rc = ecryptfs_parse_options(sb, raw_data, &check_ruid);
+ 	if (rc) {
+ 		printk(KERN_ERR "Error parsing options; rc = [%d]\n", rc);
+ 		goto out_abort;
+ 	}
+-	rc = ecryptfs_read_super(sb, dev_name);
++	rc = ecryptfs_read_super(sb, dev_name, check_ruid);
+ 	if (rc) {
+ 		printk(KERN_ERR "Reading sb failed; rc = [%d]\n", rc);
+ 		goto out_abort;

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1	Wed Mar 14 01:17:27 2012	(r18839)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze1	Wed Mar 14 02:52:34 2012	(r18840)
@@ -1 +1,2 @@
 + bugfix/all/ext4-fix-undefined-behavior-in-ext4_fill_flex_info.patch
++ bugfix/all/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch

More information about the Kernel-svn-changes mailing list