>Synopsis: security(8) does not skip file checks for remote filesystems
>ending in "on"
>Category: user
>Environment:
System : OpenBSD 5.7
Details : OpenBSD 5.7-current (GENERIC.MP) #895: Wed Mar 18
18:55:03 MDT 2015
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
security(8) parses mount(8) output incorrectly, and fails to
skip eg. nfs mountpoints whose source ends with "on".
>How-To-Repeat:
mount foo:/home/ltirkkon /home/ltirkkon
/usr/libexec/security
>Fix:
Patch attached, although this will probably still fail for mount
sources which end with " on" including the space (if that's even
possible).
--
Lauri Tirkkonen | lotheac @ IRCnet
Index: libexec/security/security
===================================================================
RCS file: /cvs/src/libexec/security/security,v
retrieving revision 1.32
diff -u -p -r1.32 security
--- libexec/security/security 4 Dec 2014 00:07:21 -0000 1.32
+++ libexec/security/security 25 Mar 2015 13:31:56 -0000
@@ -528,7 +528,7 @@ sub find_special_files {
"cannot spawn mount: $!"
and return;
while (<$fh>) {
- my ($path, $type) = /on\s+(.*?)\s+type\s+(\w+)/;
+ my ($path, $type) = /\s+on\s+(.*?)\s+type\s+(\w+)/;
$skip{$path} = 1 if $path &&
($type =~ /^(?:a|nnp|proc)fs$/ || !/\(.*local.*\)/);
}
