[Pkg-loop-aes-commits] r1464 - in /trunk/loop-aes-utils: ./ debian/changelog debian/patches/52_check_privdrop_return.dpatch
xam at users.alioth.debian.org
xam at users.alioth.debian.org
Fri Oct 19 22:15:17 UTC 2007
Author: xam
Date: Fri Oct 19 22:15:17 2007
New Revision: 1464
URL: http://svn.debian.org/wsvn/pkg-loop-aes/?sc=1&rev=1464
Log:
Check the return value of set{u,g}id in loop-AES code
Added:
trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch
Modified:
trunk/loop-aes-utils/ (props changed)
trunk/loop-aes-utils/debian/changelog
Propchange: trunk/loop-aes-utils/
------------------------------------------------------------------------------
--- svk:merge (original)
+++ svk:merge Fri Oct 19 22:15:17 2007
@@ -1,4 +1,4 @@
-02a4734a-7125-4a10-a2dd-ccf7f6155d04:/local/pkg-loop-aes/trunk/loop-aes-utils:11445
+02a4734a-7125-4a10-a2dd-ccf7f6155d04:/local/pkg-loop-aes/trunk/loop-aes-utils:11446
53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/branches/2.12-alternative:120
53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/branches/2.12-dpatch:196
53348a03-e5de-0310-b097-96e6f85ea926:/import/loop-aes-utils/trunk/current:338
Modified: trunk/loop-aes-utils/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/changelog?rev=1464&op=diff
==============================================================================
--- trunk/loop-aes-utils/debian/changelog (original)
+++ trunk/loop-aes-utils/debian/changelog Fri Oct 19 22:15:17 2007
@@ -3,6 +3,7 @@
* Sync with util-linux 2.13-8
* SECURITY: mount: doesn't drop privileges properly when
calling helpers [CVE-2007-5191]
+ * Check the return value of set{u,g}id in loop-AES code
* mount: chain of symlinks to fstab causes use of pointer after free
-- Max Vozeler <xam at debian.org> Fri, 19 Oct 2007 23:14:28 +0200
Added: trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch
URL: http://svn.debian.org/wsvn/pkg-loop-aes/trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch?rev=1464&op=file
==============================================================================
--- trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch (added)
+++ trunk/loop-aes-utils/debian/patches/52_check_privdrop_return.dpatch Fri Oct 19 22:15:17 2007
@@ -1,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 52_check_privdrop_return.dpatch by Max Vozeler <xam at debian.org>
+##
+## DP: Check return value of set{u,g}uid in loop-AES code
+
+ at DPATCH@
+diff --git a/mount/lomount.c b/mount/lomount.c
+--- a/mount/lomount.c
++++ b/mount/lomount.c
+@@ -444,8 +444,10 @@ static char *do_GPG_pipe(char *pass)
+ a[x++] = str;
+ a[x++] = "--decrypt";
+ a[x] = 0;
+- setgid(getgid());
+- setuid(getuid());
++ if(setgid(getgid()) < 0)
++ die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
++ if(setuid(getuid()) < 0)
++ die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+ for(x = 3; x < 1024; x++) {
+ if(x == pfdi[0]) continue;
+ close(x);
+@@ -782,8 +784,10 @@ static int loop_fork_mkfs_command(char *
+ a[x++] = device;
+ a[x] = 0;
+ e[0] = 0;
+- setgid(getgid());
+- setuid(getuid());
++ if(setgid(getgid()) < 0)
++ die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
++ if(setuid(getuid()) < 0)
++ die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+ for(x = 3; x < 1024; x++) {
+ close(x);
+ }
More information about the Pkg-loop-aes-commits
mailing list