Hello community,
here is the log from the commit of package udisks for openSUSE:11.3
checked in at Wed Apr 27 17:46:58 CEST 2011.
--------
--- old-versions/11.3/UPDATES/all/udisks/udisks.changes 2010-07-15 14:39:40.000000000 +0200
+++ 11.3/udisks/udisks.changes 2011-04-27 13:45:29.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Apr 27 13:42:45 CEST 2011 - kay.sievers@novell.com
+
+- Fix: Arbitrary LKMs from /lib/modules can be loaded
+ CVE-2010-4661 (bnc#653900)
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586
New:
----
udisks-kernel-module-load-fix.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ udisks.spec ++++++
--- /var/tmp/diff_new_pack.2o3PtQ/_old 2011-04-27 17:46:37.000000000 +0200
+++ /var/tmp/diff_new_pack.2o3PtQ/_new 2011-04-27 17:46:37.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package udisks (Version 1.0.1)
+# spec file for package udisks
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
Name: udisks
Version: 1.0.1
-Release: 2.<RELEASE1>
+Release: 2.<RELEASE3>
License: GPLv2+
Summary: Disk Management Service
Url: http://cgit.freedesktop.org/udisks/
@@ -47,6 +47,8 @@
#BuildRequires: zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Patch10: udisks-kernel-module-load-fix.patch
+
%description
udisks provides a daemon, D-Bus API and command line tools
for managing disks and storage devices.
@@ -66,6 +68,7 @@
%prep
%setup -q
+%patch10 -p1
%build
export V=1
++++++ udisks-kernel-module-load-fix.patch ++++++
From c933a929f07421ec747cebb24d5e620fc2b97037 Mon Sep 17 00:00:00 2001
From: David Zeuthen
Date: Tue, 15 Mar 2011 13:20:44 +0000
Subject: Bug 32232 – CVE-2010-4661: Arbitrary kernel module load
Validate what is passed to the mount(8) command. In particular, only
allow either well-known filesystems, filesystems already loaded or
filesystem explicitly allowed by the administrator via the
/etc/filesystems file.
See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for details.
Signed-off-by: David Zeuthen
---
diff --git a/src/device.c b/src/device.c
index 21d9530..d6595b8 100644
--- a/src/device.c
+++ b/src/device.c
@@ -5891,6 +5891,27 @@ static const FSMountOptions fs_mount_options[] =
{ "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self },
};
+static const gchar *well_known_filesystems[] =
+{
+ "btrfs",
+ "ext2",
+ "ext3",
+ "ext4",
+ "udf",
+ "iso9660",
+ "xfs",
+ "jfs",
+ "nilfs",
+ "reiserfs",
+ "reiser4",
+ "msdos",
+ "umsdos",
+ "vfat",
+ "exfat"
+ "ntfs",
+ NULL,
+};
+
/* ------------------------------------------------ */
static int num_fs_mount_options = sizeof(fs_mount_options) / sizeof(FSMountOptions);
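Review bot: The `"exfat"` entry in well_known_filesystems has no trailing comma, so the compiler joins it with the next literal into the single string `"exfatntfs"`, and neither `exfat` nor `ntfs` can match in is_well_known_filesystem(). The line should read `"exfat",`. The mistake fails closed: both types still go through the /proc/filesystems and /etc/filesystems lookups, so the allow-list is not widened. However, an explicit request for either type is refused whenever the driver is not already registered and the administrator has not listed it.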
@@ -6225,6 +6246,86 @@ filesystem_mount_completed_cb (DBusGMethodInvocation *context,
}
}
+static gboolean
+is_in_filesystem_file (const gchar *filesystems_file,
+ const gchar *fstype)
+{
+ gchar *filesystems;
+ GError *error;
+ gboolean ret;
+ gchar **lines;
+ guint n;
+
+ ret = FALSE;
+ filesystems = NULL;
+ lines = NULL;
+
+ error = NULL;
+ if (!g_file_get_contents (filesystems_file,
+ &filesystems,
+ NULL, /* gsize *out_length */
+ &error))
+ {
+ g_warning ("Error reading /etc/filesystems: %s (%s %d)",
+ error->message,
+ g_quark_to_string (error->domain),
+ error->code);
+ g_error_free (error);
+ goto out;
+ }
+
+ lines = g_strsplit (filesystems, "\n", -1);
+ for (n = 0; lines != NULL && lines[n] != NULL && !ret; n++)
+ {
+ gchar **tokens;
+ gint num_tokens;
+ g_strdelimit (lines[n], " \t", ' ');
+ g_strstrip (lines[n]);
+ tokens = g_strsplit (lines[n], " ", -1);
+ num_tokens = g_strv_length (tokens);
+ if (num_tokens == 1 && g_strcmp0 (tokens[0], fstype) == 0)
+ {
+ ret = TRUE;
+ }
+ g_strfreev (tokens);
+ }
+
+ out:
+ g_strfreev (lines);
+ g_free (filesystems);
+ return ret;
+}
+
+static gboolean
+is_well_known_filesystem (const gchar *fstype)
+{
+ gboolean ret;
+ guint n;
+
+ ret = FALSE;
+ for (n = 0; well_known_filesystems[n] != NULL; n++)
+ {
+ if (g_strcmp0 (well_known_filesystems[n], fstype) == 0)
+ {
+ ret = TRUE;
+ goto out;
+ }
+ }
+ out:
+ return ret;
+}
+
+/* this is not a very efficient implementation but it's very rarely
+ * called so no real point in optimizing it...
+ */
+static gboolean
+is_allowed_filesystem (const gchar *fstype)
+{
+ return is_well_known_filesystem (fstype) ||
+ is_in_filesystem_file ("/proc/filesystems", fstype) ||
+ is_in_filesystem_file ("/etc/filesystems", fstype);
+}
+
static void
device_filesystem_mount_authorized_cb (Daemon *daemon,
Device *device,
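Review bot: The g_warning in is_in_filesystem_file() hard-codes "/etc/filesystems" although is_allowed_filesystem() also calls it with "/proc/filesystems", so a read failure on the proc file is logged under the wrong name. Use the parameter instead: `g_warning ("Error reading %s: %s (%s %d)", filesystems_file, error->message, g_quark_to_string (error->domain), error->code);`. The same branch also warns whenever /etc/filesystems is simply absent, on every request that reaches the third lookup; treating a not-found error as a quiet "no match" would keep the log readable. A short comment above the function should state that only lines consisting of exactly one token match, which (as far as I know the /proc/filesystems format) means its `nodev` entries are never accepted; that looks intentional but is not stated anywhere.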
@@ -6255,6 +6356,35 @@ device_filesystem_mount_authorized_cb (Daemon *daemon,
remove_dir_on_unmount = FALSE;
error = NULL;
+ /* If the user requests the filesystem type, error out unless the
+ * filesystem type is
+ *
+ * - well-known [1]; or
+ * - in the /etc/filesystems file; or
+ * - in the /proc/filesystems file
+ *
+ * We do this because mount(8) on Linux allows loading any arbitrary
+ * kernel module (when invoked as root) by passing something appropriate
+ * to the -t option. So we have to validate whatever we pass.
+ *
+ * See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for more
+ * details.
+ *
+ * [1] : since /etc/filesystems may be horribly out of date and not
+ * contain e.g. ext4
+ */
+ if (filesystem_type != NULL && strlen (filesystem_type) > 0 &&
+ g_strcmp0 (filesystem_type, "auto") != 0)
+ {
+ if (!is_allowed_filesystem (filesystem_type))
+ {
+ throw_error (context, ERROR_FAILED,
+ "Requested filesystem type is neither well-known nor "
+ "in /proc/filesystems nor in /etc/filesystems");
+ goto out;
+ }
+ }
+
daemon_local_get_uid (device->priv->daemon, &caller_uid, context);
if (device->priv->id_usage == NULL || strcmp (device->priv->id_usage, "filesystem") != 0)
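Review bot: A refused filesystem type is reported to the caller through throw_error() but leaves no record in the daemon's own log, and the error text does not say which type was refused. Because this check exists to stop module loading through mount's -t option, a refusal is worth logging for later triage, for example `g_warning ("Refusing mount request: filesystem type not allowed");` before the `goto out`. If the requested string is included, escape it first, since it is caller-controlled. The caller uid is only fetched by daemon_local_get_uid() after this block; moving that call above the check would let the log line name the requester, provided the call has no ordering dependency, which I cannot confirm. The function body and the `out` label lie outside this hunk.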
--
cgit v0.8.3-6-g21f6
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++