Upstream patch for CVE-2010-4661 wrt #353343 by Paweł Hajdan, Jr.

Package-Manager: portage-2.2.0_alpha30/cvs/Linux x86_64
author: Samuli Suominen <ssuominen@gentoo.org> 2011-04-16 06:06:18 +0000
committer: Samuli Suominen <ssuominen@gentoo.org> 2011-04-16 06:06:18 +0000
commit: 7da7f422929d79e078f0a084a52b555dde22e074 (patch)
tree: 386c8ddc2445f1c3d93093a6acd52fc011ad2c6e /sys-fs
parent: x86 stable per bug 308017 (diff)
download: historical-7da7f422929d79e078f0a084a52b555dde22e074.tar.gz
historical-7da7f422929d79e078f0a084a52b555dde22e074.tar.bz2
historical-7da7f422929d79e078f0a084a52b555dde22e074.zip
4 files changed, 266 insertions, 2 deletions
diff --git a/sys-fs/udisks/ChangeLog b/sys-fs/udisks/ChangeLog
index d10b7a38cda6..2c15744caa86 100644
--- a/sys-fs/udisks/ChangeLog
+++ b/sys-fs/udisks/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-fs/udisks
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/ChangeLog,v 1.32 2011/03/27 21:58:40 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/ChangeLog,v 1.33 2011/04/16 06:06:18 ssuominen Exp $
+
+*udisks-1.0.2-r1 (16 Apr 2011)
+
+  16 Apr 2011; Samuli Suominen <ssuominen@gentoo.org> +udisks-1.0.2-r1.ebuild,
+  +files/udisks-1.0.2-CVE-2010-4661.patch:
+  Upstream patch for CVE-2010-4661 wrt #353343 by Paweł Hajdan, Jr.
 
   22 Mar 2011; Kacper Kowalik <xarthisius@gentoo.org> udisks-1.0.2.ebuild:
   ppc/ppc64 stable wrt #354505
diff --git a/sys-fs/udisks/Manifest b/sys-fs/udisks/Manifest
index 80a2c5ebb2cb..da29b8857a46 100644
--- a/sys-fs/udisks/Manifest
+++ b/sys-fs/udisks/Manifest
@@ -1,4 +1,16 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+AUX udisks-1.0.2-CVE-2010-4661.patch 4790 RMD160 ae379b461830e7b3a201382d3253f62d5fd65c50 SHA1 ced4c739103d1041ee74411118ba8b73658f8e8c SHA256 be4cff70a50d0b69812fb373f381879d492fc3d015cd4162f48633cee1d22812
 DIST udisks-1.0.2.tar.gz 716381 RMD160 a022ac752ac75d3bca102adee05be43f2ebb424e SHA1 a8307d726b7f1255e7008ff708c793a1301d1309 SHA256 7dc1a150a6a31b2727144603fa5a8f9852696fc5bdc4a11917b9b0f1b8e3dcf1
+EBUILD udisks-1.0.2-r1.ebuild 1966 RMD160 5ba005b45cb9ea9826f9712dfd9f3bc4871bb710 SHA1 6d281d6d6f453c79cbfad733fea4212394e35f67 SHA256 abc434f4436215f1d4c32e360d9b81a90df56fdfbacb4a817c0c44a70edc2a4c
 EBUILD udisks-1.0.2.ebuild 1914 RMD160 7fea98c421cb60b7d392cbd9d914319123b2f628 SHA1 44f9366b008d3983c9dc00d42eec937521e0ff47 SHA256 af57931b7188d82fe6fcb6bd875946f931c60801dfc9b4eb6465cbbe4af1258b
-MISC ChangeLog 4278 RMD160 901324084c8424a45635d394c848ca35e1023a45 SHA1 ccbf629f6d9c7640451b1380cb31b9980c30aef5 SHA256 a24c9212554421fb4214a3d1aaa644a15e98eb7d62d15c8352be22d220d4ba01
+MISC ChangeLog 4502 RMD160 8a023024283106e12ef3b41d821c6025d2a29711 SHA1 6c36183bd716360340bb008891057e15fcd13a3d SHA256 3a26a1ad524227f63f231a251a8bdfe2d054f165ffb61f65637db673b5924963
 MISC metadata.xml 367 RMD160 3cc82714647236fdce4606ef9e8432ef2753a553 SHA1 6fd0b25ca51d565fdc6c40b9d1fc90ebff4ddb22 SHA256 9da91cf204d0f5616ca669618f4eed4c477140aef9f7f9218217e63e7d88d051
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.17 (GNU/Linux)
+
+iF4EAREIAAYFAk2pMfcACgkQXkR9YqOcLPF5mwD/R+U4grhUJDE/hUL5XMBUQmvW
+MRC0WfQJF++85R9C+gYA/2njVz+MEzbj02CkDL5bOfekSp7N72ig03aDml4S8XR7
+=S51N
+-----END PGP SIGNATURE-----
diff --git a/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch b/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch
new file mode 100644
index 000000000000..bccb138994af
--- /dev/null
+++ b/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch
@@ -0,0 +1,171 @@
+From c933a929f07421ec747cebb24d5e620fc2b97037 Mon Sep 17 00:00:00 2001
+From: David Zeuthen <davidz@redhat.com>
+Date: Tue, 15 Mar 2011 13:20:44 +0000
+Subject: Bug 32232 – CVE-2010-4661: Arbitrary kernel module load
+
+Validate what is passed to the mount(8) command. In particular, only
+allow either well-known filesystems, filesystems already loaded or
+filesystem explicitly allowed by the administrator via the
+/etc/filesystems file.
+
+See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for details.
+
+Signed-off-by: David Zeuthen <davidz@redhat.com>
+---
+diff --git a/src/device.c b/src/device.c
+index 21d9530..d6595b8 100644
+--- a/src/device.c
++++ b/src/device.c
+@@ -5891,6 +5891,27 @@ static const FSMountOptions fs_mount_options[] =
+     { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self },
+   };
+ 
++static const gchar *well_known_filesystems[] =
++{
++  "btrfs",
++  "ext2",
++  "ext3",
++  "ext4",
++  "udf",
++  "iso9660",
++  "xfs",
++  "jfs",
++  "nilfs",
++  "reiserfs",
++  "reiser4",
++  "msdos",
++  "umsdos",
++  "vfat",
++  "exfat"
++  "ntfs",
++  NULL,
++};
++
+ /* ------------------------------------------------ */
+ 
+ static int num_fs_mount_options = sizeof(fs_mount_options) / sizeof(FSMountOptions);
+@@ -6225,6 +6246,86 @@ filesystem_mount_completed_cb (DBusGMethodInvocation *context,
+     }
+ }
+ 
++static gboolean
++is_in_filesystem_file (const gchar *filesystems_file,
++                       const gchar *fstype)
++{
++  gchar *filesystems;
++  GError *error;
++  gboolean ret;
++  gchar **lines;
++  guint n;
++
++  ret = FALSE;
++  filesystems = NULL;
++  lines = NULL;
++
++  error = NULL;
++  if (!g_file_get_contents (filesystems_file,
++                            &filesystems,
++                            NULL, /* gsize *out_length */
++                            &error))
++    {
++      g_warning ("Error reading /etc/filesystems: %s (%s %d)",
++                 error->message,
++                 g_quark_to_string (error->domain),
++                 error->code);
++      g_error_free (error);
++      goto out;
++    }
++
++  lines = g_strsplit (filesystems, "\n", -1);
++  for (n = 0; lines != NULL && lines[n] != NULL && !ret; n++)
++    {
++      gchar **tokens;
++      gint num_tokens;
++      g_strdelimit (lines[n], " \t", ' ');
++      g_strstrip (lines[n]);
++      tokens = g_strsplit (lines[n], " ", -1);
++      num_tokens = g_strv_length (tokens);
++      if (num_tokens == 1 && g_strcmp0 (tokens[0], fstype) == 0)
++        {
++          ret = TRUE;
++        }
++      g_strfreev (tokens);
++    }
++
++ out:
++  g_strfreev (lines);
++  g_free (filesystems);
++  return ret;
++}
++
++static gboolean
++is_well_known_filesystem (const gchar *fstype)
++{
++  gboolean ret;
++  guint n;
++
++  ret = FALSE;
++  for (n = 0; well_known_filesystems[n] != NULL; n++)
++    {
++      if (g_strcmp0 (well_known_filesystems[n], fstype) == 0)
++        {
++          ret = TRUE;
++          goto out;
++        }
++    }
++ out:
++  return ret;
++}
++
++/* this is not a very efficient implementation but it's very rarely
++ * called so no real point in optimizing it...
++ */
++static gboolean
++is_allowed_filesystem (const gchar *fstype)
++{
++  return is_well_known_filesystem (fstype) ||
++    is_in_filesystem_file ("/proc/filesystems", fstype) ||
++    is_in_filesystem_file ("/etc/filesystems", fstype);
++}
++
+ static void
+ device_filesystem_mount_authorized_cb (Daemon *daemon,
+                                        Device *device,
+@@ -6255,6 +6356,35 @@ device_filesystem_mount_authorized_cb (Daemon *daemon,
+   remove_dir_on_unmount = FALSE;
+   error = NULL;
+ 
++  /* If the user requests the filesystem type, error out unless the
++   * filesystem type is
++   *
++   * - well-known [1]; or
++   * - in the /etc/filesystems file; or
++   * - in the /proc/filesystems file
++   *
++   * We do this because mount(8) on Linux allows loading any arbitrary
++   * kernel module (when invoked as root) by passing something appropriate
++   * to the -t option. So we have to validate whatever we pass.
++   *
++   * See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for more
++   * details.
++   *
++   * [1] : since /etc/filesystems may be horribly out of date and not
++   *       contain e.g. ext4
++   */
++  if (filesystem_type != NULL && strlen (filesystem_type) > 0 &&
++      g_strcmp0 (filesystem_type, "auto") != 0)
++    {
++      if (!is_allowed_filesystem (filesystem_type))
++        {
++          throw_error (context, ERROR_FAILED,
++                       "Requested filesystem type is neither well-known nor "
++                       "in /proc/filesystems nor in /etc/filesystems");
++          goto out;
++        }
++    }
++
+   daemon_local_get_uid (device->priv->daemon, &caller_uid, context);
+ 
+   if (device->priv->id_usage == NULL || strcmp (device->priv->id_usage, "filesystem") != 0)
+--
+cgit v0.8.3-6-g21f6
diff --git a/sys-fs/udisks/udisks-1.0.2-r1.ebuild b/sys-fs/udisks/udisks-1.0.2-r1.ebuild
new file mode 100644
index 000000000000..2f79c75293cc
--- /dev/null
+++ b/sys-fs/udisks/udisks-1.0.2-r1.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/udisks-1.0.2-r1.ebuild,v 1.1 2011/04/16 06:06:18 ssuominen Exp $
+
+EAPI=4
+inherit eutils bash-completion linux-info
+
+DESCRIPTION="Daemon providing interfaces to work with storage devices"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/udisks"
+SRC_URI="http://hal.freedesktop.org/releases/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86"
+IUSE="debug doc nls remote-access"
+
+COMMON_DEPEND=">=sys-fs/udev-147[extras]
+	>=dev-libs/glib-2.16.1:2
+	>=sys-apps/dbus-1.4.0
+	>=dev-libs/dbus-glib-0.92
+	>=sys-auth/polkit-0.97
+	>=sys-block/parted-1.8.8[device-mapper]
+	>=sys-fs/lvm2-2.02.66
+	>=dev-libs/libatasmart-0.14
+	>=sys-apps/sg3_utils-1.27.20090411
+	!sys-apps/devicekit-disks"
+RDEPEND="${COMMON_DEPEND}
+	virtual/eject
+	remote-access? ( net-dns/avahi )"
+DEPEND="${COMMON_DEPEND}
+	dev-util/pkgconfig
+	dev-libs/libxslt
+	app-text/docbook-xsl-stylesheets
+	doc? ( dev-util/gtk-doc
+		app-text/docbook-xml-dtd:4.1.2 )
+	nls? ( >=dev-util/intltool-0.40.0 )"
+
+RESTRICT="test" # this would need running dbus and sudo available
+
+pkg_setup() {
+	DOCS="AUTHORS HACKING NEWS README"
+
+	if use amd64 || use x86; then
+		CONFIG_CHECK="~USB_SUSPEND ~!IDE"
+		linux-info_pkg_setup
+	fi
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-CVE-2010-4661.patch
+}
+
+src_configure() {
+	econf \
+		--localstatedir="${EPREFIX}"/var \
+		--disable-dependency-tracking \
+		--disable-static \
+		$(use_enable debug verbose-mode) \
+		--enable-man-pages \
+		$(use_enable doc gtk-doc) \
+		$(use_enable remote-access) \
+		$(use_enable nls) \
+		--with-html-dir="${EPREFIX}"/usr/share/doc/${PF}/html
+}
+
+src_install() {
+	default
+
+	rm -f "${ED}"/etc/profile.d/udisks-bash-completion.sh
+	dobashcompletion tools/udisks-bash-completion.sh ${PN}
+
+	find "${ED}" -name '*.la' -exec rm -f {} +
+
+	keepdir /media
+}
author	Samuli Suominen <ssuominen@gentoo.org>	2011-04-16 06:06:18 +0000
committer	Samuli Suominen <ssuominen@gentoo.org>	2011-04-16 06:06:18 +0000
commit	7da7f422929d79e078f0a084a52b555dde22e074 (patch)
tree	386c8ddc2445f1c3d93093a6acd52fc011ad2c6e /sys-fs
parent	x86 stable per bug 308017 (diff)
download	historical-7da7f422929d79e078f0a084a52b555dde22e074.tar.gz historical-7da7f422929d79e078f0a084a52b555dde22e074.tar.bz2 historical-7da7f422929d79e078f0a084a52b555dde22e074.zip