[Pkg-loop-aes-commits] r1462 - in /trunk/loop-aes-utils: ./ debian/changelog debian/patches/00list debian/patches/51_CVE-2007-5191.dpatch
xam at users.alioth.debian.org
Fri Oct 19 22:15:06 UTC 2007
Author: xam
Date: Fri Oct 19 22:15:06 2007
New Revision: 1462
URL: http://svn.debian.org/wsvn/pkg-loop-aes/?sc=1&rev=1462
Log:
* Sync with util-linux 2.13-8
* SECURITY: mount: doesn't drop privileges properly when
calling helpers [CVE-2007-5191]
Added:
trunk/loop-aes-utils/debian/patches/51_CVE-2007-5191.dpatch (with props)
Modified:
trunk/loop-aes-utils/ (props changed)
trunk/loop-aes-utils/debian/changelog
trunk/loop-aes-utils/debian/patches/00list
Propchange: trunk/loop-aes-utils/
------------------------------------------------------------------------------
--- svk:merge (original)
+++ svk:merge Fri Oct 19 22:15:06 2007
@@ -1,4 +1,4 @@
-02a4734a-7125-4a10-a2dd-ccf7f6155d04:/local/pkg-loop-aes/trunk/loop-aes-utils:11150
+02a4734a-7125-4a10-a2dd-ccf7f6155d04:/local/pkg-loop-aes/trunk/loop-aes-utils:11444
53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/branches/2.12-alternative:120
53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/branches/2.12-dpatch:196
53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/trunk/current:338
Modified: trunk/loop-aes-utils/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/changelog?rev=1462&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/changelog (original)
+++ trunk/loop-aes-utils/debian/changelog Fri Oct 19 22:15:06 2007
@@ -1,3 +1,11 @@
+loop-aes-utils (2.13-2) UNRELEASED; urgency=low
+
+ * Sync with util-linux 2.13-8
+ * SECURITY: mount: doesn't drop privileges properly when
+ calling helpers [CVE-2007-5191]
+
+ -- Max Vozeler <xam at debian.org> Fri, 19 Oct 2007 23:14:28 +0200
+
loop-aes-utils (2.13-1) unstable; urgency=low
* New upstream release
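Review bot: urgency=low on the new 2.13-2 entry does not match its second item, a SECURITY fix tagged CVE-2007-5191. Since the entry is still UNRELEASED, consider raising the urgency before upload so the privilege-drop fix is not held back by the default migration delay. The "Sync with util-linux 2.13-8" item would also be easier to audit if it named what was synced, since the only patch added in this revision is 51_CVE-2007-5191.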
Modified: trunk/loop-aes-utils/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/patches/00list?rev=1462&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/patches/00list (original)
+++ trunk/loop-aes-utils/debian/patches/00list Fri Oct 19 22:15:06 2007
@@ -1,1 +1,2 @@
20loop-AES
+51_CVE-2007-5191
Added: trunk/loop-aes-utils/debian/patches/51_CVE-2007-5191.dpatch
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/patches/51_CVE-2007-5191.dpatch?rev=1462&op=file
==============================================================================
--- trunk/loop-aes-utils/debian/patches/51_CVE-2007-5191.dpatch (added)
+++ trunk/loop-aes-utils/debian/patches/51_CVE-2007-5191.dpatch Fri Oct 19 22:15:06 2007
@@ -1,0 +1,53 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+ at DPATCH@
+commit ebbeb2c7ac1b00b6083905957837a271e80b187e
+Author: Ludwig Nussel <ludwig.nussel at suse.de>
+Date: Thu Sep 20 14:57:20 2007 +0200
+
+ mount: doesn't drop privileges properly when calling helpers
+
+ {,u}mount calls setuid() and setgid() in the wrong order and doesn't checking
+ the return value of set{u,g}id(() when running helpers like mount.nfs.
+
+ Signed-off-by: Ludwig Nussel <ludwig.nussel at suse.de>
+ Signed-off-by: Karel Zak <kzak at redhat.com>
+
+diff --git a/mount/mount.c b/mount/mount.c
+index 40699f3..5bc2b30 100644
+--- a/mount/mount.c
++++ b/mount/mount.c
+@@ -634,8 +634,12 @@ check_special_mountprog(const char *spec, const char *node, const char *type, in
+ char *oo, *mountargs[10];
+ int i = 0;
+
+- setuid(getuid());
+- setgid(getgid());
++ if(setgid(getgid()) < 0)
++ die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
++
++ if(setuid(getuid()) < 0)
++ die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
++
+ oo = fix_opts_string (flags, extra_opts, NULL);
+ mountargs[i++] = mountprog; /* 1 */
+ mountargs[i++] = (char *) spec; /* 2 */
+diff --git a/mount/umount.c b/mount/umount.c
+index b3100c9..3221619 100644
+--- a/mount/umount.c
++++ b/mount/umount.c
+@@ -102,8 +102,12 @@ check_special_umountprog(const char *spec, const char *node,
+ char *umountargs[8];
+ int i = 0;
+
+- setuid(getuid());
+- setgid(getgid());
++ if(setgid(getgid()) < 0)
++ die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno));
++
++ if(setuid(getuid()) < 0)
++ die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno));
++
+ umountargs[i++] = umountprog;
+ umountargs[i++] = xstrdup(node);
+ if (nomtab)
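Review bot: the header of 51_CVE-2007-5191.dpatch goes straight from the dpatch-run line to @DPATCH@ with no "## DP:" description lines, so anyone listing the patch series sees no summary for this security fix; add a "## DP:" line that names CVE-2007-5191 and states that mount and umount now drop the group id before the user id and abort if either call fails. In the mount.c and umount.c changes themselves, the setgid() before setuid() ordering is the substance of the fix but nothing in the code says so; a one-line comment above the two checks in check_special_mountprog() and check_special_umountprog() would keep a later cleanup from swapping them back.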
Propchange: trunk/loop-aes-utils/debian/patches/51_CVE-2007-5191.dpatch
------------------------------------------------------------------------------
svn:executable = *