r833 - in lvm2/branches/lenny/debian: . patches

Thu Aug 19 13:03:52 UTC 2010

Author: waldi
Date: Thu Aug 19 13:03:48 2010
New Revision: 833

Log:
Fix CVE-2010-2526.

* debian/changelog: Update.
* debian/patches/CVE-2010-2526.patch, debian/patches/series: Add patch.

Added:
   lvm2/branches/lenny/debian/patches/CVE-2010-2526.patch
Modified:
   lvm2/branches/lenny/debian/changelog
   lvm2/branches/lenny/debian/patches/series

Modified: lvm2/branches/lenny/debian/changelog
==============================================================================

--- lvm2/branches/lenny/debian/changelog	Thu Aug 19 12:46:04 2010	(r832)
+++ lvm2/branches/lenny/debian/changelog	Thu Aug 19 13:03:48 2010	(r833)
@@ -1,3 +1,10 @@
+lvm2 (2.02.39-8) UNRELEASED; urgency=high
+
+  * CVE-2010-2526: Fix insecure communication between lvm2 and clvmd.
+   (Closes: #591204)
+
+ -- Bastian Blank <waldi at debian.org>  Thu, 19 Aug 2010 14:51:29 +0200
+
 lvm2 (2.02.39-7) stable; urgency=low
 
   * Add multipath as prereq of initramfs-tools script. (closes: #511903)

Added: lvm2/branches/lenny/debian/patches/CVE-2010-2526.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ lvm2/branches/lenny/debian/patches/CVE-2010-2526.patch	Thu Aug 19 13:03:48 2010	(r833)
@@ -0,0 +1,143 @@
+--- a/daemons/clvmd/clvm.h
++++ b/daemons/clvmd/clvm.h
+@@ -45,9 +45,8 @@
+ #define CLVMD_FLAG_SYSTEMLV     2	/* Data in system LV under my node name */
+ #define CLVMD_FLAG_NODEERRS     4       /* Reply has errors in node-specific portion */
+ 
+-/* Name of the local socket to communicate between libclvm and clvmd */
+-//static const char CLVMD_SOCKNAME[]="/var/run/clvmd";
+-static const char CLVMD_SOCKNAME[] = "\0clvmd";
++/* Name of the local socket to communicate between lvm and clvmd */
++static const char CLVMD_SOCKNAME[]= "/var/run/lvm/clvmd.sock";
+ 
+ /* Internal commands & replies */
+ #define CLVMD_CMD_REPLY    1
+--- a/daemons/clvmd/clvmd.c
++++ b/daemons/clvmd/clvmd.c
+@@ -123,6 +123,7 @@
+ static int process_reply(const struct clvm_header *msg, int msglen,
+ 			 const char *csid);
+ static int open_local_sock(void);
++static void close_local_sock(int local_socket);
+ static int check_local_clvmd(void);
+ static struct local_client *find_client(int clientid);
+ static void main_loop(int local_sock, int cmd_timeout);
+@@ -245,6 +246,23 @@
+ 	return buf;
+ }
+ 
++/*
++ * clvmd require dm-ioctl capability for operation
++ */
++static void check_permissions()
++{
++	if (getuid() || geteuid()) {
++		log_error("Cannot run as a non-root user.");
++
++		 /*
++		  * Fail cleanly here if not run as root, instead of failing
++		  * later when attempting a root-only operation
++		  * Preferred exit code from an initscript for this.
++		  */
++		exit(4);
++	}
++}
++
+ int main(int argc, char *argv[])
+ {
+ 	int local_sock;
+@@ -272,6 +290,7 @@
+ 			exit(0);
+ 
+ 		case 'R':
++			check_permissions();
+ 			return refresh_clvmd();
+ 
+ 		case 'C':
+@@ -314,6 +333,8 @@
+ 		}
+ 	}
+ 
++	check_permissions();
++
+ 	/* Setting debug options on an existing clvmd */
+ 	if (debug_opt && !check_local_clvmd()) {
+ 
+@@ -438,6 +459,8 @@
+ 	/* Do some work */
+ 	main_loop(local_sock, cmd_timeout);
+ 
++	close_local_sock(local_sock);
++
+ 	return 0;
+ }
+ 
+@@ -770,7 +793,6 @@
+ 
+       closedown:
+ 	clops->cluster_closedown();
+-	close(local_sock);
+ }
+ 
+ static __attribute__ ((noreturn)) void wait_for_child(int c_pipe, int timeout)
+@@ -1865,20 +1887,30 @@
+ 	return ret;
+ }
+ 
++static void close_local_sock(int local_socket)
++{
++	if (local_socket != -1 && close(local_socket))
++		stack;
++
++	if (CLVMD_SOCKNAME[0] != '\0' && unlink(CLVMD_SOCKNAME))
++		stack;
++}
+ 
+ /* Open the local socket, that's the one we talk to libclvm down */
+ static int open_local_sock()
+ {
+-	int local_socket;
++	int local_socket = -1;
+ 	struct sockaddr_un sockaddr;
++	mode_t old_mask;
++
++	close_local_sock(local_socket);
++	old_mask = umask(0077);
+ 
+ 	/* Open local socket */
+-	if (CLVMD_SOCKNAME[0] != '\0')
+-		unlink(CLVMD_SOCKNAME);
+ 	local_socket = socket(PF_UNIX, SOCK_STREAM, 0);
+ 	if (local_socket < 0) {
+ 		log_error("Can't create local socket: %m");
+-		return -1;
++		goto error;
+ 	}
+ 	/* Set Close-on-exec & non-blocking */
+ 	fcntl(local_socket, F_SETFD, 1);
+@@ -1889,18 +1921,19 @@
+ 	sockaddr.sun_family = AF_UNIX;
+ 	if (bind(local_socket, (struct sockaddr *) &sockaddr, sizeof(sockaddr))) {
+ 		log_error("can't bind local socket: %m");
+-		close(local_socket);
+-		return -1;
++		goto error;
+ 	}
+ 	if (listen(local_socket, 1) != 0) {
+ 		log_error("listen local: %m");
+-		close(local_socket);
+-		return -1;
++		goto error;
+ 	}
+-	if (CLVMD_SOCKNAME[0] != '\0')
+-		chmod(CLVMD_SOCKNAME, 0600);
+ 
++	umask(old_mask);
+ 	return local_socket;
++error:
++	close_local_sock(local_socket);
++	umask(old_mask);
++	return -1;
+ }
+ 
+ void process_message(struct local_client *client, const char *buf, int len,

Modified: lvm2/branches/lenny/debian/patches/series
==============================================================================
--- lvm2/branches/lenny/debian/patches/series	Thu Aug 19 12:46:04 2010	(r832)
+++ lvm2/branches/lenny/debian/patches/series	Thu Aug 19 13:03:48 2010	(r833)
@@ -4,3 +4,4 @@
 config.patch
 force-modprobe.patch
 permissions.patch
+CVE-2010-2526.patch

