rpms/util-linux/F-7 util-linux-2.13-mount-setuid.patch, NONE, 1.1 util-linux.spec, 1.157, 1.158

Karel Zak (kzak) fedora-extras-commits at redhat.com
Mon Oct 8 13:31:01 UTC 2007


Author: kzak

Update of /cvs/pkgs/rpms/util-linux/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18722

Modified Files:
	util-linux.spec 
Added Files:
	util-linux-2.13-mount-setuid.patch 
Log Message:
* Mon Oct  8 2007 Karel Zak <kzak at redhat.com> 2.13-0.55
- fix #320131 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [F7]


util-linux-2.13-mount-setuid.patch:

--- NEW FILE util-linux-2.13-mount-setuid.patch ---
diff -up util-linux-2.13-pre7/mount/umount.c.kzak util-linux-2.13-pre7/mount/umount.c
--- util-linux-2.13-pre7/mount/umount.c.kzak	2007-10-08 15:22:38.000000000 +0200
+++ util-linux-2.13-pre7/mount/umount.c	2007-10-08 15:24:01.000000000 +0200
@@ -102,8 +102,12 @@ check_special_umountprog(const char *spe
 				char *umountargs[8];
 				int i = 0;
 
-				setuid(getuid());
-				setgid(getgid());
+				if(setgid(getgid()) < 0)
+					die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno));
+
+				if(setuid(getuid()) < 0)
+					die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno));
+
 				umountargs[i++] = umountprog;
 				umountargs[i++] = xstrdup(node);
 				if (nomtab)
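Review bot: The swapped call order in check_special_umountprog (setgid() now ahead of setuid()) is the substance of this fix, yet nothing in the added lines says so, and a later cleanup could restore the old order unnoticed. Once setuid(getuid()) has given up root, the process is generally no longer permitted to change its group id, so the group has to be dropped first (CERT C POS36-C states the same ordering rule). I would add a comment above the first check, e.g. `/* drop gid before uid: after setuid() we may no longer be allowed to call setgid() */`. The same comment belongs in the check_special_mountprog hunk in mount.c; both function bodies start and end outside the hunks shown.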
diff -up util-linux-2.13-pre7/mount/mount.c.kzak util-linux-2.13-pre7/mount/mount.c
--- util-linux-2.13-pre7/mount/mount.c.kzak	2007-10-08 15:22:38.000000000 +0200
+++ util-linux-2.13-pre7/mount/mount.c	2007-10-08 15:24:01.000000000 +0200
@@ -600,8 +600,12 @@ check_special_mountprog(const char *spec
 		 char *oo, *mountargs[11];
 		 int i = 0;
 
-		 setuid(getuid());
-		 setgid(getgid());
+		 if(setgid(getgid()) < 0)
+			 die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
+
+		 if(setuid(getuid()) < 0)
+			 die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+
 		 oo = fix_opts_string (flags, extra_opts, NULL);
 		 mountargs[i++] = mountprog;
 		 mountargs[i++] = spec;
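Review bot: After the two added checks in check_special_mountprog nothing confirms that root cannot be regained before the helper arguments are built; the code relies entirely on a zero return from setuid(). A cheap post-condition directly after the setuid() check would make the drop self-verifying, e.g. `if (getuid() != 0 && setuid(0) == 0) die(EX_FAIL, _("mount: privileges were not dropped"));`. On Linux a successful setuid() from effective uid 0 normally resets the saved id as well, so this is defence in depth rather than a known gap; the same line would fit the umount.c hunk. The rest of the function lies outside the hunk.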


Index: util-linux.spec
===================================================================
RCS file: /cvs/pkgs/rpms/util-linux/F-7/util-linux.spec,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -r1.157 -r1.158
--- util-linux.spec	8 Aug 2007 14:58:29 -0000	1.157
+++ util-linux.spec	8 Oct 2007 13:30:28 -0000	1.158
@@ -9,7 +9,7 @@
 Summary: A collection of basic system utilities.
 Name: util-linux
 Version: 2.13
-Release: 0.54%{?dist}
+Release: 0.55%{?dist}
 License: distributable
 Group: System Environment/Base
 
@@ -264,6 +264,8 @@
 Patch272: util-linux-2.13-blockdev-unsigned.patch
 # backport MS_RELATIME
 Patch273: util-linux-2.13-mount-relatime.patch
+# 320131 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [F7]
+Patch274: util-linux-2.13-mount-setuid.patch
 
 %description
 The util-linux package contains a large variety of low-level system
@@ -372,6 +374,7 @@
 %patch271 -p1
 %patch272 -p1
 %patch273 -p1
+%patch274 -p1
 
 %build
 unset LINGUAS || :
@@ -785,6 +788,9 @@
 /sbin/losetup
 
 %changelog
+* Mon Oct  8 2007 Karel Zak <kzak at redhat.com> 2.13-0.55
+- fix #320131 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [F7]
+
 * Wed Aug  8  2007 Karel Zak <kzak at redhat.com> 2.13-0.54
 - backport mount relatime patch
 



