rpms/autofs/F-7 autofs-5.0.2-hosts-nosuid-default.patch, NONE, 1.1 autofs.spec, 1.218, 1.219
Ian Kent (iankent)
fedora-extras-commits at redhat.com
Thu Dec 13 07:44:12 UTC 2007
Author: iankent
Update of /cvs/pkgs/rpms/autofs/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31847
Modified Files:
autofs.spec
Added Files:
autofs-5.0.2-hosts-nosuid-default.patch
Log Message:
* Thu Dec 13 2007 Ian Kent <ikent at redhat.com> - 5.0.1-29
- Bug 421351: CVE-2007-5964 autofs defaults don't restrict suid in /net [f7]
- use mount option "nosuid" for "-hosts" map unless "suid" is explicitly specified.
autofs-5.0.2-hosts-nosuid-default.patch:
--- NEW FILE autofs-5.0.2-hosts-nosuid-default.patch ---
diff -up autofs-5.0.1/modules/parse_sun.c.hosts-nosuid-default autofs-5.0.1/modules/parse_sun.c
--- autofs-5.0.1/modules/parse_sun.c.hosts-nosuid-default 2007-12-05 17:07:25.000000000 +0900
+++ autofs-5.0.1/modules/parse_sun.c 2007-12-05 17:07:55.000000000 +0900
@@ -496,6 +496,7 @@ static int sun_mount(struct autofs_point
int rv, cur_state;
char *mountpoint;
char *what;
+ char *type;
if (*options == '\0')
options = NULL;
@@ -585,6 +586,36 @@ static int sun_mount(struct autofs_point
mountpoint = alloca(namelen + 1);
sprintf(mountpoint, "%.*s", namelen, name);
+ type = ap->entry->maps->type;
+ if (type && !strcmp(type, "hosts")) {
+ if (options) {
+ if (!strstr(options, "suid")) {
+ char *tmp = alloca(strlen(options) + 8);
+ if (!tmp) {
+ error(ap->logopt, MODPREFIX
+ "alloca failed for options");
+ if (nonstrict)
+ return -1;
+ return 1;
+ }
+ strcpy(tmp, options);
+ strcat(tmp, ",nosuid");
+ options = tmp;
+ }
+ } else {
+ char *tmp = alloca(7);
+ if (!tmp) {
+ error(ap->logopt,
+ MODPREFIX "alloca failed for options");
+ if (nonstrict)
+ return -1;
+ return 1;
+ }
+ strcpy(tmp, "nosuid");
+ options = tmp;
+ }
+ }
+
pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
if (!strcmp(fstype, "nfs")) {
what = alloca(loclen + 1);
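Review bot: The `strstr(options, "suid")` test in the `if (options)` branch is a substring match rather than a comparison of whole option tokens, so any option string that merely contains the characters "suid" skips the nosuid default, and an existing "nosuid" is handled correctly only because it happens to contain the same substring. Splitting `options` on commas and comparing each token against "suid" and "nosuid" would make the intent explicit. The two `if (!tmp)` blocks are dead code, because `alloca()` does not return NULL when the stack cannot satisfy the request; either drop the checks or switch to a heap allocation that can actually fail. Only `type` is checked for NULL in `type = ap->entry->maps->type;`, so it is worth confirming that `ap->entry` and `ap->entry->maps` are always set at this point. The buffer sizes (`strlen(options) + 8` for ",nosuid" plus the terminator, and 7 for "nosuid") are correct.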
diff -up autofs-5.0.1/samples/auto.master.hosts-nosuid-default autofs-5.0.1/samples/auto.master
--- autofs-5.0.1/samples/auto.master.hosts-nosuid-default 2007-12-05 17:07:24.000000000 +0900
+++ autofs-5.0.1/samples/auto.master 2007-12-05 17:07:55.000000000 +0900
@@ -7,6 +7,11 @@
# For details of the format look at autofs(5).
#
/misc /etc/auto.misc
+#
+# NOTE: mounts done from a hosts map will be mounted with the
+# "nosuid" option unless the "suid" option is explicitly
+# given.
+#
/net -hosts
#
# Include central master map if it can be found using
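Review bot: The added comment says the "suid" option must be "explicitly given" but does not say where, while the man page hunk in the same patch says "in the master map entry". Use the same wording here so that someone reading only the sample file knows the option belongs on the `/net -hosts` line below the comment.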
diff -up autofs-5.0.1/man/auto.master.5.in.hosts-nosuid-default autofs-5.0.1/man/auto.master.5.in
--- autofs-5.0.1/man/auto.master.5.in.hosts-nosuid-default 2007-12-05 17:07:25.000000000 +0900
+++ autofs-5.0.1/man/auto.master.5.in 2007-12-05 17:07:55.000000000 +0900
@@ -196,6 +196,9 @@ For example, with an entry in the master
.hy
accessing /net/myserver will mount exports from myserver on directories below
/net/myserver.
+.P
+NOTE: mounts done from a hosts map will be mounted with the "nosuid" option
+unless the "suid" option is explicitly given in the master map entry.
.SH LDAP MAPS
If the map type \fBldap\fP is specified the mapname is of the form
\fB[//servername/]dn\fP, where the optional \fBservername\fP is
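Review bot: The added NOTE states the new behaviour but not that it changes the earlier default, which is what the changelog entry for CVE-2007-5964 in this commit describes ("autofs defaults don't restrict suid in /net"). A sentence saying that hosts map mounts were previously not restricted, and that "suid" should be given only for servers whose exports are trusted, would help administrators who notice setuid binaries under /net no longer taking effect after the update.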
Index: autofs.spec
===================================================================
RCS file: /cvs/pkgs/rpms/autofs/F-7/autofs.spec,v
retrieving revision 1.218
retrieving revision 1.219
diff -u -r1.218 -r1.219
--- autofs.spec 5 Sep 2007 05:33:14 -0000 1.218
+++ autofs.spec 13 Dec 2007 07:43:31 -0000 1.219
@@ -4,7 +4,7 @@
Summary: A tool for automatically mounting and unmounting filesystems
Name: autofs
Version: 5.0.1
-Release: 28
+Release: 29
Epoch: 1
License: GPL
Group: System Environment/Daemons
@@ -46,6 +46,7 @@
Patch34: autofs-5.0.2-default-nsswitch.patch
Patch35: autofs-5.0.1-add-ldaps-support.patch
Patch36: autofs-5.0.1-add-ldap-schema-discovery.patch
+Patch37: autofs-5.0.2-hosts-nosuid-default.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, hesiod-devel, openldap-devel, bison, flex, libxml2-devel, cyrus-sasl-devel, openssl-devel module-init-tools util-linux nfs-utils e2fsprogs
Conflicts: kernel < 2.6.17
@@ -123,6 +124,7 @@
%patch34 -p1
%patch35 -p1
%patch36 -p1
+%patch37 -p1
%build
#CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir}
@@ -175,6 +177,10 @@
%{_libdir}/autofs/
%changelog
+* Thu Dec 13 2007 Ian Kent <ikent at redhat.com> - 5.0.1-29
+- Bug 421351: CVE-2007-5964 autofs defaults don't restrict suid in /net [f7]
+ - use mount option "nosuid" for "-hosts" map unless "suid" is explicily specified.
+
* Wed Sep 5 2007 Ian Kent <ikent at redhat.com> - 5.0.1-28
- add ldaps support (required by schema discovery).
- add back LDAP schema discovery if no schema is configured.
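Review bot: The new %changelog entry misspells "explicitly" as "explicily", and its second line is indented with a leading space before the dash, unlike the "- add ldaps support" lines in the entry below it. Fix the spelling and align the bullet with the existing entries.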