[Pkg-ltsp-devel] Bug#758090: ltspfs: lbmount use of "mount --move" incompatible with systemd

Vagrant Cascadian vagrant at debian.org
Thu Aug 14 22:32:09 UTC 2014 

On 2014-08-14, Vagrant Cascadian wrote:
> Honestly, I'd rather figure out a way to safely mount the ltspfs mount
> directly without "mount --move". We could have a setuid wrapper that instead
> creates the mountpoint directly as /media/USERNAME/MOUNT 

Patch below which basically implements this part...


> and ensures it actually mounts, and some way of ensuring that it
> unmounts and removes the /media/USERNAME/MOUNT directory when
> done... possibly with a mount.helper and/or umount.helper

It doesn't include a mount/umount helper, or prevent the user from using
lbmount to create arbitrary /media/USERNAME/* dirs owned by them.

It is a huge reduction in setuid root code:

 scripts/ltspfsmounter | 37 +++++++++++--------------------------
 src/lbmount.c         | 68 --------------------------------------------------------------------
 2 files changed, 11 insertions(+), 94 deletions(-)

diff --git a/scripts/ltspfsmounter b/scripts/ltspfsmounter
index 5322b23..97b45ff 100644
--- a/scripts/ltspfsmounter
+++ b/scripts/ltspfsmounter
@@ -28,47 +28,35 @@ def run_hooks(mode, mountpoint):
 def get_var(name):
     return os.environ.get(name)
 
-def add_ltspfsmount(conn, path, root, dev, mediaroot):
-    hidden_mount = '%s/%s' % (root, dev)
+def add_ltspfsmount(conn, path, dev, mediaroot):
     lbmount_command = ['lbmount', dev]
-    ltspfs_mount = ['ltspfs', conn+':'+path, root+'/'+dev]
-    ltspfs_umount=['fusermount', '-uzq', hidden_mount]
-
-    if not os.access(root, 0):
-        os.mkdir(root)
-    if not os.access(hidden_mount, 0):
-        os.mkdir(hidden_mount)
+    ltspfs_mount = ['ltspfs', conn+':'+path, mediaroot+'/'+dev]
 
     env = os.environ.copy()
 
     try:
-        call(ltspfs_mount, env=env)
-    except OSError, e:
-        print >>sys.stderr, "mount failed:", e
-    try:
         call(lbmount_command)
-        if os.access(hidden_mount, 0):
-            call(ltspfs_umount)
-            os.rmdir(hidden_mount)
-        if os.access(root, 0):
-            os.rmdir(root)
         run_hooks('add', os.path.join(mediaroot, dev))
     except OSError, e:
         print >>sys.stderr, "suid mount failed:", e
+    try:
+        call(ltspfs_mount, env=env)
+    except OSError, e:
+        print >>sys.stderr, "mount failed:", e
 
 def remove_ltspfsmount(root, dev):
     lbumount_command=['lbmount', '--umount', dev]
     ltspfs_umount=['fusermount', '-uzq', root+'/'+dev]
 
     try:
-        call(lbumount_command)
-    except OSError, e:
-        print >>sys.stderr, "suid umount failed:", e
-    try:
         call(ltspfs_umount)
         run_hooks('remove', os.path.join(root, dev))
     except OSError, e:
         print >>sys.stderr, "umount failed:", e
+    try:
+        call(lbumount_command)
+    except OSError, e:
+        print >>sys.stderr, "suid umount failed:", e
 
 def cleanup(user):
     known_mounts = open( '/proc/mounts', 'r' ).readlines()
@@ -78,8 +66,6 @@ def cleanup(user):
                 mountpoint=mount.split()[1]
                 device=mountpoint.split('/')[-1]
                 if dir=='/media' and mountpoint.startswith(dir):
-                    call(['lbmount', '--umount', device])
-                elif dir=='/tmp' and mountpoint.startswith(dir):
                     call(['fusermount', '-uzq', mountpoint])
                     if os.access(mountpoint, 0):
                         os.rmdir(mountpoint)
@@ -104,7 +90,6 @@ def main():
     path = sys.argv[1]
     command = sys.argv[2]
     username = get_var('USER')
-    root = "/tmp/.%s-ltspfs" % username
     mediaroot = "/media/%s" % username
 
     if not get_var('SSH_CONNECTION'):
@@ -116,7 +101,7 @@ def main():
     dev = path.split('/')[-1]
 
     if command=='add':
-        add_ltspfsmount(conn, path, root, dev, mediaroot)
+        add_ltspfsmount(conn, path, dev, mediaroot)
     elif command=='remove':
         remove_ltspfsmount(mediaroot, dev)
     elif command=='cleanup':
diff --git a/src/lbmount.c b/src/lbmount.c
index 61152f5..dea7bd6 100644
--- a/src/lbmount.c
+++ b/src/lbmount.c
@@ -53,8 +53,6 @@ static uid_t uidReal;           /* Users real userid */
  */
 
 static char *mediadir = "/media";
-static char *ltspfsdir1 = "/tmp/.";
-static char *ltspfsdir2 = "-ltspfs/";
 static char *mountprog = "/bin/mount";  /* system mount program */
 static char *umountprog = "/bin/umount";        /* system umount program */
 
@@ -135,52 +133,6 @@ void mkdir_safe(char *dir)
 }
 
 /*
- * domount: actually bindmounts path1 onto path2.
- */
-
-int root_mounter(const char *path1, const char *path2)
-{
-    int status;
-    pid_t child;
-    char *program;
-    char *null_env[] = { NULL };
-
-    child = fork();
-
-    if (child == 0) {
-        if (setreuid(0, -1)) {
-            /* Couldn't become root */
-            perror("Couldn't obtain root privs");
-            exit(1);
-        }
-        /* Statically build command line to prevent monkey business */
-        if (path2)
-            execle(mountprog, mountprog, "--bind", path1, path2, NULL,
-                   null_env);
-        else
-            execle(umountprog, umountprog, "-l", path1, NULL, null_env);
-        perror("Error: execl() returned");
-        exit(1);                                 /* exec should never return */
-    } else if (child > 0) {
-        if (waitpid(child, &status, 0) < 0) {
-            perror("Error: wait() call failed");
-            exit(1);
-        }
-    } else if (child < 0) {
-        perror("Error: fork() failed");
-        exit(1);
-    }
-
-    if (!WIFEXITED(status)) {
-        fprintf(stderr, "Error: execle() returned no status");
-        exit(1);
-    }
-
-    return WEXITSTATUS(status);
-}
-
-
-/*
  * mainline
  */
 
@@ -190,7 +142,6 @@ int main(int argc, char **argv)
     struct passwd *pwent;
     char *mountpoint = NULL;    /* command line supplied media name */
     char mediamount[PATH_MAX];  /* fully pathed mountpoint in /media */
-    char ltspfsmount[PATH_MAX]; /* fully pathed ltspfs mount in /tmp */
 
     int option;
     static struct option long_opts[] = {
@@ -257,17 +208,7 @@ int main(int argc, char **argv)
         exit(1);
     }
 
-    /*
-     * Build our ltspfs mountpoint string, and check and see if it exists.
-     */
-
-    snprintf(ltspfsmount, sizeof(ltspfsmount), "%s%s%s%s",
-             ltspfsdir1, pwent->pw_name, ltspfsdir2, mountpoint);
-
     if (!umount) {
-        if (!is_mounted(ltspfsmount))
-            exit(1);
-
         /* OK, name's a normal size, and looks valid. Begin creating the media
          * mount point. First, we need to create /media/uid */
 
@@ -282,21 +223,12 @@ int main(int argc, char **argv)
                  pwent->pw_name, mountpoint);
 
         mkdir_safe(mediamount);
-
-        return root_mounter(ltspfsmount, mediamount);
     } else {
         /* umount */
 
         snprintf(mediamount, sizeof(mediamount), "%s/%s/%s", mediadir,
                  pwent->pw_name, mountpoint);
 
-        if (is_mounted(mediamount))
-            root_mounter(mediamount, NULL);
-        else {
-            fprintf(stderr, "Error: %s unmountable", mediamount);
-            exit(1);
-        }
-
         if (rmdir(mediamount)) {
             perror("Unable to rmdir() in /media");
             exit(1);


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ltsp-devel/attachments/20140814/62716831/attachment.sig>

More information about the Pkg-ltsp-devel mailing list