File: CVE-2011-3145.patch

package info (click to toggle)
ecryptfs-utils 83-4%2Bsqueeze2
  • links: PTS, VCS
  • area: main
  • in suites: squeeze-lts
  • size: 2,732 kB
  • ctags: 1,402
  • sloc: ansic: 15,975; sh: 11,096; makefile: 250; python: 41
file content (90 lines) | stat: -rw-r--r-- 2,262 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
Description: fix wrong mtab ownership and permissions
Author: Marc Deslauriers <marc.deslauriers@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/830850

--- ecryptfs-utils-83.orig/src/utils/mount.ecryptfs_private.c
+++ ecryptfs-utils-83/src/utils/mount.ecryptfs_private.c
@@ -221,12 +221,14 @@
 	int fd;
 	FILE *old_mtab, *new_mtab;
 	struct mntent *old_ent, new_ent;
+	mode_t old_umask;
 
 	/* Make an attempt to play nice with other mount helpers
 	 * by creating an /etc/mtab~ lock file. Of course this
 	 * only works if those other helpers actually check for
 	 * this.
 	 */
+	old_umask = umask(033);
 	fd = open("/etc/mtab~", O_RDONLY | O_CREAT | O_EXCL, 0644);
 	if (fd < 0) {
 		perror("open");
@@ -279,6 +281,8 @@
 
 	unlink("/etc/mtab~");
 
+	umask(old_umask);
+
 	return 0;
 
 fail:
@@ -288,6 +292,7 @@
 fail_early:
 	endmntent(old_mtab);
 	unlink("/etc/mtab~");
+	umask(old_umask);
 	return 1;
 }
 
@@ -423,7 +428,7 @@
  *  c) updating /etc/mtab
  */
 int main(int argc, char *argv[]) {
-	int uid, mounting;
+	int uid, gid, mounting;
 	int force = 0;
 	int fnek = 1;
 	struct passwd *pwd;
@@ -432,6 +437,7 @@
 	FILE *fh_counter = NULL;
 
 	uid = getuid();
+	gid = getgid();
 	/* Non-privileged effective uid is sufficient for all but the code
  	 * that mounts, unmounts, and updates /etc/mtab.
 	 * Run at a lower privilege until we need it.
@@ -548,7 +554,15 @@
 		 * the real uid to be that of the user.
 		 * And we need the effective uid to be root in order to mount.
 		 */
-		setreuid(-1, 0);
+		if (setreuid(-1, 0) < 0) {
+			perror("setreuid");
+			goto fail;
+		}
+		if (setregid(-1, 0) < 0) {
+			perror("setregid");
+			goto fail;
+		}
+
 		/* Perform mount */
 		if (mount(dev, ".", FSTYPE, 0, opt) == 0) {
 			if (update_mtab(dev, mnt, opt) != 0) {
@@ -560,6 +574,9 @@
 			if (setreuid(uid, uid) < 0) {
 				perror("setreuid");
 			}
+			if (setregid(gid, gid) < 0) {
+				perror("setregid");
+			}
 			goto fail;
 		}
 	} else {
@@ -580,6 +597,7 @@
 		 * Do not use the umount.ecryptfs helper (-i).
  		 */
 		setresuid(0,0,0);
+		setresgid(0,0,0);
 
 		/* Since we're doing a lazy unmount anyway, just unmount the current
 		 * directory. This avoids a lot of complexity in dealing with race