[ecryptfs-utils/f14] security fixes: privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832) r
Michal Hlavinka
mhlavink at fedoraproject.org
Thu Aug 11 11:26:10 UTC 2011
commit ae40e2bf2463fc1bbc2ee74e215dba8d553ff3e3
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Thu Aug 11 13:25:55 2011 +0200
security fixes:
privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832)
race condition when checking source during mount (CVE-2011-1833)
mtab corruption via improper handling (CVE-2011-1834)
key poisoning via insecure temp directory handling (CVE-2011-1835)
information disclosure via recovery mount in /tmp (CVE-2011-1836)
arbitrary file overwrite via lock counter race (CVE-2011-1837)
.gitignore | 1 +
ecryptfs-utils-75-werror.patch | 45 ++++++++++++++---------
ecryptfs-utils-86-manpage.patch | 41 +++++++++++++++++++++
ecryptfs-utils-87-mtab.patch | 76 ++++++++++++++++++++-------------------
ecryptfs-utils.spec | 26 ++++++++++---
sources | 2 +-
6 files changed, 129 insertions(+), 62 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5f8bf70..e927580 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ ecryptfs-mount-private.png
/ecryptfs-utils_85.orig.tar.gz
/ecryptfs-utils_86.orig.tar.gz
/ecryptfs-utils_87.orig.tar.gz
+/ecryptfs-utils_90.orig.tar.gz
diff --git a/ecryptfs-utils-75-werror.patch b/ecryptfs-utils-75-werror.patch
index f02992b..fddf477 100644
--- a/ecryptfs-utils-75-werror.patch
+++ b/ecryptfs-utils-75-werror.patch
@@ -1,6 +1,6 @@
-diff -up ecryptfs-utils-86/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-86/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
---- ecryptfs-utils-86/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2011-02-25 17:04:05.760026778 +0100
-+++ ecryptfs-utils-86/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-02-25 17:04:05.841024970 +0100
+diff -up ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
+--- ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2011-08-11 10:26:55.453235671 +0200
++++ ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-08-11 10:26:55.471235788 +0200
@@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize(
pkcs11h_data->serialized_id = NULL;
}
@@ -150,9 +150,9 @@ diff -up ecryptfs-utils-86/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror e
subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo);
-diff -up ecryptfs-utils-86/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-86/src/libecryptfs/ecryptfs-stat.c
---- ecryptfs-utils-86/src/libecryptfs/ecryptfs-stat.c.werror 2010-12-17 18:34:04.000000000 +0100
-+++ ecryptfs-utils-86/src/libecryptfs/ecryptfs-stat.c 2011-02-25 17:04:05.843024925 +0100
+diff -up ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c
+--- ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror 2010-12-17 18:34:04.000000000 +0100
++++ ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c 2011-08-11 10:26:55.472235795 +0200
@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
@@ -162,9 +162,9 @@ diff -up ecryptfs-utils-86/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils
"bytes; there are only [%zu] bytes\n", __FUNCTION__,
(ECRYPTFS_FILE_SIZE_BYTES
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
-diff -up ecryptfs-utils-86/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-86/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-86/src/pam_ecryptfs/pam_ecryptfs.c.werror 2011-02-06 03:44:30.000000000 +0100
-+++ ecryptfs-utils-86/src/pam_ecryptfs/pam_ecryptfs.c 2011-02-25 17:10:08.898668231 +0100
+diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror 2011-02-06 03:44:30.000000000 +0100
++++ ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-11 10:26:55.472235795 +0200
@@ -39,35 +39,11 @@
#include <sys/stat.h>
#include <fcntl.h>
@@ -261,9 +261,9 @@ diff -up ecryptfs-utils-86/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils
goto out;
}
saved_uid = geteuid();
-diff -up ecryptfs-utils-86/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-86/src/utils/mount.ecryptfs.c
---- ecryptfs-utils-86/src/utils/mount.ecryptfs.c.werror 2010-12-17 18:34:04.000000000 +0100
-+++ ecryptfs-utils-86/src/utils/mount.ecryptfs.c 2011-02-25 17:04:05.857024613 +0100
+diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-90/src/utils/mount.ecryptfs.c
+--- ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror 2011-08-11 10:26:55.468235767 +0200
++++ ecryptfs-utils-90/src/utils/mount.ecryptfs.c 2011-08-11 10:26:55.473235801 +0200
@@ -461,7 +461,7 @@ static int ecryptfs_do_mount(int argc, c
{
int rc;
@@ -282,9 +282,9 @@ diff -up ecryptfs-utils-86/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-86/s
if (!(temp = strdup("ecryptfs_unlink_sigs"))) {
rc = -ENOMEM;
goto out;
-diff -up ecryptfs-utils-86/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-86/src/utils/mount.ecryptfs_private.c
---- ecryptfs-utils-86/src/utils/mount.ecryptfs_private.c.werror 2011-02-25 17:04:05.802025842 +0100
-+++ ecryptfs-utils-86/src/utils/mount.ecryptfs_private.c 2011-02-25 17:04:05.859024569 +0100
+diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c
+--- ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror 2011-08-11 10:26:55.461235723 +0200
++++ ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c 2011-08-11 10:27:23.264417014 +0200
@@ -95,7 +95,6 @@ int read_config(char *pw_dir, int uid, c
*s = strdup(e->mnt_fsname);
if (!*s)
@@ -293,9 +293,18 @@ diff -up ecryptfs-utils-86/src/utils/mount.ecryptfs_private.c.werror ecryptfs-ut
return 0;
}
-diff -up ecryptfs-utils-86/src/utils/test.c.werror ecryptfs-utils-86/src/utils/test.c
---- ecryptfs-utils-86/src/utils/test.c.werror 2010-12-17 18:34:04.000000000 +0100
-+++ ecryptfs-utils-86/src/utils/test.c 2011-02-25 17:04:05.860024547 +0100
+@@ -300,7 +299,7 @@ int update_mtab(char *dev, char *mnt, ch
+ goto fail_early;
+ }
+
+- while (old_ent = getmntent(old_mtab)) {
++ while ((old_ent = getmntent(old_mtab))) {
+ if (addmntent(new_mtab, old_ent) != 0) {
+ perror("addmntent");
+ goto fail;
+diff -up ecryptfs-utils-90/src/utils/test.c.werror ecryptfs-utils-90/src/utils/test.c
+--- ecryptfs-utils-90/src/utils/test.c.werror 2010-12-17 18:34:04.000000000 +0100
++++ ecryptfs-utils-90/src/utils/test.c 2011-08-11 10:26:55.474235807 +0200
@@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache
struct inode *lower_inode;
struct ecryptfs_crypt_stat *crypt_stat;
diff --git a/ecryptfs-utils-86-manpage.patch b/ecryptfs-utils-86-manpage.patch
new file mode 100644
index 0000000..be7e243
--- /dev/null
+++ b/ecryptfs-utils-86-manpage.patch
@@ -0,0 +1,41 @@
+diff -up ecryptfs-utils-87/doc/manpage/ecryptfs.7.manfix ecryptfs-utils-87/doc/manpage/ecryptfs.7
+--- ecryptfs-utils-87/doc/manpage/ecryptfs.7.manfix 2011-03-09 14:30:32.000000000 +0100
++++ ecryptfs-utils-87/doc/manpage/ecryptfs.7 2011-05-24 08:56:38.288877849 +0200
+@@ -1,6 +1,6 @@
+ .TH ecryptfs 7 2009-03-24 ecryptfs-utils "eCryptfs"
+ .SH NAME
+-eCryptfs \- an enterprise-class cryptographic filesystem for linux
++eCryptfs \- an enterprise-class cryptographic filesystem for Linux
+
+ .SH SYNOPSIS
+ .BI "mount -t ecryptfs [SRC DIR] [DST DIR] -o [OPTIONS]"
+@@ -67,7 +67,7 @@ Parameters that apply to individual key
+ The actual password is passphrase. Since the password is visible to utilities (like ps under Unix) this form should only be used where security is not important.
+ .TP
+ .B passphrase_passwd_file=(filename)
+-The password should be specified in a file with passwd=(passphrase). It is highly reccomended that the file be stored on a secure medium such as a personal usb key.
++The password should be specified in a file with passwd=(passphrase). It is highly reccomended that the file be stored on a secure medium such as a personal USB key.
+ .TP
+ .B passphrase_passwd_fd=(file descriptor)
+ The password is specified through the specified file descriptor.
+@@ -79,7 +79,7 @@ The salt should be specified as a 16 dig
+ The filename should be the filename of a file containing an RSA SSL key.
+ .TP
+ .B openssl_passwd_file=(filename)
+-The password should be specified in a file with openssl_passwd=(openssl-password). It is highly reccomended that the file be stored on a secure medium such as a personal usb key.
++The password should be specified in a file with openssl_passwd=(openssl-password). It is highly recommended that the file be stored on a secure medium such as a personal USB key.
+ .TP
+ .B openssl_passwd_fd=(file descriptor)
+ The password is specified through the specified file descriptor.
+diff -up ecryptfs-utils-87/doc/manpage/ecryptfs-rewrite-file.1.manfix ecryptfs-utils-87/doc/manpage/ecryptfs-rewrite-file.1
+--- ecryptfs-utils-87/doc/manpage/ecryptfs-rewrite-file.1.manfix 2011-03-09 14:30:32.000000000 +0100
++++ ecryptfs-utils-87/doc/manpage/ecryptfs-rewrite-file.1 2011-05-24 08:55:41.279482521 +0200
+@@ -14,7 +14,7 @@ This script may be combined with \fBfind
+ ecryptfs-umount-private
+ sync
+
+-It is advised that this script is executed in runlevel 1 or 3, to avoid simultanteous writes and race conditions with targeted files.
++It is advised that this script is executed in runlevel 1 or 3, to avoid simultaneous writes and race conditions with targeted files.
+
+ \fBUSING THIS SCRIPT WHILE GNOME, KDE, OR OTHER APPLICATIONS ARE RUNNING MAY CAUSE DATA LOSS.\fP
+
diff --git a/ecryptfs-utils-87-mtab.patch b/ecryptfs-utils-87-mtab.patch
index bebbec1..1e819f5 100644
--- a/ecryptfs-utils-87-mtab.patch
+++ b/ecryptfs-utils-87-mtab.patch
@@ -1,39 +1,41 @@
-From eed8b4e5f7635f67ac68be426ade7964086e8fa0 Mon Sep 17 00:00:00 2001
-From: Christophe Dumez <christophe.dumez at intel.com>
-Date: Sun, 29 May 2011 17:23:53 +0300
-Subject: [PATCH] Do not update mtab if it is a symlink
-
-mount.ecryptfs_private: Do not attempt to update
-mtab if it is a symbolic link.
----
- src/utils/mount.ecryptfs_private.c | 11 ++++++++++-
- 1 files changed, 10 insertions(+), 1 deletions(-)
-
-diff --git a/src/utils/mount.ecryptfs_private.c b/src/utils/mount.ecryptfs_private.c
-index c19fa84..0fa02e6 100644
---- a/src/utils/mount.ecryptfs_private.c
-+++ b/src/utils/mount.ecryptfs_private.c
-@@ -264,9 +264,18 @@ int is_mounted(char *dev, char *mnt, char *sig, int mounting) {
+diff -up ecryptfs-utils-90/src/libecryptfs/main.c.mtabfix ecryptfs-utils-90/src/libecryptfs/main.c
+--- ecryptfs-utils-90/src/libecryptfs/main.c.mtabfix 2011-02-22 18:35:26.000000000 +0100
++++ ecryptfs-utils-90/src/libecryptfs/main.c 2011-08-11 10:24:24.274245958 +0200
+@@ -382,6 +382,7 @@ out:
-
- int update_mtab(char *dev, char *mnt, char *opt) {
--/* Update /etc/mtab with new mount entry.
-+/* Update /etc/mtab with new mount entry unless it is a symbolic link
- * Return 0 on success, 1 on failure.
- */
+ int ecryptfs_mount(char *source, char *target, unsigned long flags, char *opts)
+ {
+ char dummy;
-+ int useMtab;
-+ /* Check if mtab is a symlink */
-+ useMtab = (readlink("/etc/mtab", &dummy, 1) < 0);
-+ if (!useMtab) {
-+ /* No need updating mtab */
-+ return 0;
-+ }
-+
- FILE *fh;
- struct mntent m;
- fh = setmntent("/etc/mtab", "a");
---
-1.7.5.2
-
-
+ FILE *mtab_fd = NULL;
+ struct mntent mountent;
+ char *fullpath_source = NULL;
+@@ -425,11 +426,14 @@ int ecryptfs_mount(char *source, char *t
+ syslog(LOG_ERR, "Failed to perform eCryptfs mount: [%m]\n");
+ goto out;
+ }
+- mtab_fd = setmntent("/etc/mtab", "a");
+- if (!mtab_fd) {
+- rc = -EACCES;
+- syslog(LOG_ERR, "Failed to update the mount table\n");
+- goto out;
++ /* it's possible that /etc/mtab is just a symlink to /proc/mounts */
++ if (readlink("/etc/mtab", &dummy, 1) < 0) {
++ mtab_fd = setmntent("/etc/mtab", "a");
++ if (!mtab_fd) {
++ rc = -EACCES;
++ syslog(LOG_ERR, "Failed to update the mount table\n");
++ goto out;
++ }
+ }
+ mountent.mnt_fsname = fullpath_source;
+ mountent.mnt_dir = fullpath_target;
+@@ -464,7 +468,7 @@ int ecryptfs_mount(char *source, char *t
+ }
+ mountent.mnt_freq = 0;
+ mountent.mnt_passno = 0;
+- if (addmntent(mtab_fd, &mountent)) {
++ if (mtab_fd && addmntent(mtab_fd, &mountent)) {
+ rc = -EIO;
+ syslog(LOG_ERR, "Failed to write to the mount "
+ "table\n");
+diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.mtabfix ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c
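Review bot: The new `readlink("/etc/mtab", &dummy, 1) < 0` test in ecryptfs_mount treats every readlink failure as "mtab is a regular file", so errors such as EACCES or EIO also fall through to `setmntent("/etc/mtab", "a")`. Testing the reason, `if (readlink("/etc/mtab", &dummy, 1) < 0 && errno == EINVAL) {` (plus ENOENT if creating a missing mtab is still wanted), would limit the append path to the cases it is meant for. The check and the later open resolve the path separately, which is presumably acceptable only because /etc is root-owned; a short comment such as `/* /etc is root-owned, so the check-then-open gap is not attacker-controlled */` would record that assumption. Since mtab_fd may now stay NULL, the cleanup after `out:` lies outside this hunk and should be confirmed to skip `endmntent` on a NULL handle. The patch also ends with a `diff -up` header for mount.ecryptfs_private.c that carries no hunks, so update_mtab there gets no symlink check from this file; it is worth confirming that this is intended.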
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index c47ac06..b3aa4f6 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -4,8 +4,8 @@
%global _sbindir /sbin
Name: ecryptfs-utils
-Version: 87
-Release: 8%{?dist}
+Version: 90
+Release: 1%{?dist}
Summary: The eCryptfs mount helper and support libraries
Group: System Environment/Base
License: GPLv2+
@@ -29,10 +29,13 @@ Patch5: ecryptfs-utils-84-fixsigness.patch
# also fixes this issue: char c; while((c = fgetc(fh)) != EOF)
Patch6: ecryptfs-utils-84-fgetc.patch
+# fix man pages
+Patch8: ecryptfs-utils-86-manpage.patch
+
# autoload ecryptfs module in ecryptfs-setup-private when needed, rhbz#707608
-Patch7: ecryptfs-utils-87-autoload.patch
+Patch9: ecryptfs-utils-87-autoload.patch
-# sent upstream, for e-u < 88, rhbz#706911
+# upstream patch is incomplete, rhbz#706911
Patch10: ecryptfs-utils-87-mtab.patch
# fedora/rhel specific, check for pam ecryptfs module before home migration
@@ -103,7 +106,8 @@ the interface supplied by the ecryptfs-utils library.
%patch4 -p1 -b .splitnss
%patch5 -p1 -b .fixsigness
%patch6 -p1 -b .fgetc
-%patch7 -p1 -b .autoload
+%patch8 -p1 -b .manfix
+%patch9 -p1 -b .autoload
%patch10 -p1 -b .mtabfix
%patch11 -p1 -b .authconfig
%patch12 -p1 -b .memcpyfix
@@ -116,7 +120,7 @@ the interface supplied by the ecryptfs-utils library.
%patch18 -p1 -b .syslog
%build
-export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror -Wtype-limits"
+export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits"
#we're modifing Makefile.am
autoreconf -fiv
%configure --disable-rpath --enable-tspi --enable-nss --enable-pkcs11-helper
@@ -201,6 +205,7 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/%{name}/ecryptfs-mount-private.desktop
%{_datadir}/%{name}/ecryptfs-mount-private.png
%{_datadir}/%{name}/ecryptfs-setup-private.desktop
+%{_datadir}/%{name}/ecryptfs-find
%{_mandir}/man1/ecryptfs-add-passphrase.1.gz
%{_mandir}/man1/ecryptfs-generate-tpm-key.1.gz
%{_mandir}/man1/ecryptfs-insert-wrapped-passphrase-into-keyring.1.gz
@@ -241,6 +246,15 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/ecryptfs-utils/_libecryptfs.so
%changelog
+* Thu Aug 11 2011 Michal Hlavinka <mhlavink at redhat.com> - 90-1
+- security fixes:
+- privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832)
+- race condition when checking source during mount (CVE-2011-1833)
+- mtab corruption via improper handling (CVE-2011-1834)
+- key poisoning via insecure temp directory handling (CVE-2011-1835)
+- information disclosure via recovery mount in /tmp (CVE-2011-1836)
+- arbitrary file overwrite via lock counter race (CVE-2011-1837)
+
* Tue Aug 09 2011 Michal Hlavinka <mhlavink at redhat.com> - 87-8
- improve logging messages of ecryptfs pam module
- keep own copy of passphrase, pam clears it too early
diff --git a/sources b/sources
index 8f77056..c36fcea 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
e612ddb9ccb17f8fec79df26e626a8c6 ecryptfs-mount-private.png
-b3e4ec1c70b3c57bd289b327363c39f6 ecryptfs-utils_87.orig.tar.gz
+a81621fb2f7ab4b81f9bffc020b181e2 ecryptfs-utils_90.orig.tar.gz