Hello community, here is the log from the commit of package udisks for openSUSE:11.3 checked in at Wed Apr 27 17:46:58 CEST 2011. -------- --- old-versions/11.3/UPDATES/all/udisks/udisks.changes 2010-07-15 14:39:40.000000000 +0200 +++ 11.3/udisks/udisks.changes 2011-04-27 13:45:29.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Apr 27 13:42:45 CEST 2011 - kay.sievers@novell.com + +- Fix: Arbitrary LKMs from /lib/modules can be loaded + CVE-2010-4661 (bnc#653900) + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- udisks-kernel-module-load-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ udisks.spec ++++++ --- /var/tmp/diff_new_pack.2o3PtQ/_old 2011-04-27 17:46:37.000000000 +0200 +++ /var/tmp/diff_new_pack.2o3PtQ/_new 2011-04-27 17:46:37.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package udisks (Version 1.0.1) +# spec file for package udisks # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Name: udisks Version: 1.0.1 -Release: 2.<RELEASE1> +Release: 2.<RELEASE3> License: GPLv2+ Summary: Disk Management Service Url: http://cgit.freedesktop.org/udisks/ @@ -47,6 +47,8 @@ #BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch10: udisks-kernel-module-load-fix.patch + %description udisks provides a daemon, D-Bus API and command line tools for managing disks and storage devices. @@ -66,6 +68,7 @@ %prep %setup -q +%patch10 -p1 %build export V=1 ++++++ udisks-kernel-module-load-fix.patch ++++++
From c933a929f07421ec747cebb24d5e620fc2b97037 Mon Sep 17 00:00:00 2001 From: David Zeuthen <davidz@redhat.com> Date: Tue, 15 Mar 2011 13:20:44 +0000 Subject: Bug 32232 – CVE-2010-4661: Arbitrary kernel module load
Validate what is passed to the mount(8) command. In particular, only allow either well-known filesystems, filesystems already loaded or filesystem explicitly allowed by the administrator via the /etc/filesystems file. See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for details. Signed-off-by: David Zeuthen <davidz@redhat.com> --- diff --git a/src/device.c b/src/device.c index 21d9530..d6595b8 100644 --- a/src/device.c +++ b/src/device.c @@ -5891,6 +5891,27 @@ static const FSMountOptions fs_mount_options[] = { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self }, }; +static const gchar *well_known_filesystems[] = +{ + "btrfs", + "ext2", + "ext3", + "ext4", + "udf", + "iso9660", + "xfs", + "jfs", + "nilfs", + "reiserfs", + "reiser4", + "msdos", + "umsdos", + "vfat", + "exfat" + "ntfs", + NULL, +}; + /* ------------------------------------------------ */ static int num_fs_mount_options = sizeof(fs_mount_options) / sizeof(FSMountOptions); @@ -6225,6 +6246,86 @@ filesystem_mount_completed_cb (DBusGMethodInvocation *context, } } +static gboolean +is_in_filesystem_file (const gchar *filesystems_file, + const gchar *fstype) +{ + gchar *filesystems; + GError *error; + gboolean ret; + gchar **lines; + guint n; + + ret = FALSE; + filesystems = NULL; + lines = NULL; + + error = NULL; + if (!g_file_get_contents (filesystems_file, + &filesystems, + NULL, /* gsize *out_length */ + &error)) + { + g_warning ("Error reading /etc/filesystems: %s (%s %d)", + error->message, + g_quark_to_string (error->domain), + error->code); + g_error_free (error); + goto out; + } + + lines = g_strsplit (filesystems, "\n", -1); + for (n = 0; lines != NULL && lines[n] != NULL && !ret; n++) + { + gchar **tokens; + gint num_tokens; + g_strdelimit (lines[n], " \t", ' '); + g_strstrip (lines[n]); + tokens = g_strsplit (lines[n], " ", -1); + num_tokens = g_strv_length (tokens); + if (num_tokens == 1 && g_strcmp0 (tokens[0], fstype) == 0) + { + ret = TRUE; + } + g_strfreev (tokens); + } + + out: + g_strfreev (lines); + g_free (filesystems); + return ret; +} + +static gboolean +is_well_known_filesystem (const gchar *fstype) +{ + gboolean ret; + guint n; + + ret = FALSE; + for (n = 0; well_known_filesystems[n] != NULL; n++) + { + if (g_strcmp0 (well_known_filesystems[n], fstype) == 0) + { + ret = TRUE; + goto out; + } + } + out: + return ret; +} + +/* this is not a very efficient implementation but it's very rarely + * called so no real point in optimizing it... + */ +static gboolean +is_allowed_filesystem (const gchar *fstype) +{ + return is_well_known_filesystem (fstype) || + is_in_filesystem_file ("/proc/filesystems", fstype) || + is_in_filesystem_file ("/etc/filesystems", fstype); +} + static void device_filesystem_mount_authorized_cb (Daemon *daemon, Device *device, @@ -6255,6 +6356,35 @@ device_filesystem_mount_authorized_cb (Daemon *daemon, remove_dir_on_unmount = FALSE; error = NULL; + /* If the user requests the filesystem type, error out unless the + * filesystem type is + * + * - well-known [1]; or + * - in the /etc/filesystems file; or + * - in the /proc/filesystems file + * + * We do this because mount(8) on Linux allows loading any arbitrary + * kernel module (when invoked as root) by passing something appropriate + * to the -t option. So we have to validate whatever we pass. + * + * See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for more + * details. + * + * [1] : since /etc/filesystems may be horribly out of date and not + * contain e.g. ext4 + */ + if (filesystem_type != NULL && strlen (filesystem_type) > 0 && + g_strcmp0 (filesystem_type, "auto") != 0) + { + if (!is_allowed_filesystem (filesystem_type)) + { + throw_error (context, ERROR_FAILED, + "Requested filesystem type is neither well-known nor " + "in /proc/filesystems nor in /etc/filesystems"); + goto out; + } + } + daemon_local_get_uid (device->priv->daemon, &caller_uid, context); if (device->priv->id_usage == NULL || strcmp (device->priv->id_usage, "filesystem") != 0) -- cgit v0.8.3-6-g21f6 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org