This is public now. I removed the attached patches; they were valid, but
had a wrong attribution (the original patch was from David Zeuthen). I
put links to the official upstream patches into the description.

** Description changed:

  EMBARGOED until 2014-03-10
+ PUBLISHED now: http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html
  
  Florian Weimer of the Red Hat Product Security Team found a flaw in the
  way udisks and udisks2 handled long path names. A malicious, local user
  could use this flaw to create a specially-crafted directory structure
  that could lead to arbitrary code execution with the privileges of the
  udisks daemon (root).
  
  Huzaifa Sidhpurwala created a proposed patch. I don't like the change
  from PATH_MAX to 4096, but it looks good otherwise.
  
  I'll handle the upstream bits, Debian and Ubuntu trusty updates and
  discuss the PATH_MAX issue.
+
+ Upstream fix for udisks 2: http://cgit.freedesktop.org/udisks/commit/?id=244967
+ Upstream fix for udisks 1: http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471
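
As an added illustration of the bug class described above (this is not code from udisks or from the patches linked here), a pair of bounded path helpers in C that refuse a path which does not fit in a PATH_MAX buffer instead of overflowing or silently truncating it; the function names, the `/media` root and the 5000-byte constructed name are assumptions of the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* fallback; Linux defines it in <limits.h> */
#endif

/* The pattern behind this bug class is an untrusted path copied into a
 * fixed-size buffer with no length check ("char buf[PATH_MAX]; strcpy (buf, p);").
 * The helpers below refuse over-long input instead of overflowing or truncating. */

/* Copy src into dst only if it fits, NUL terminator included. */
int copy_path_checked (char *dst, size_t dst_size, const char *src)
{
  const char *end;
  if (dst == NULL || src == NULL || dst_size == 0)
    return -EINVAL;
  end = memchr (src, '\0', dst_size);   /* is there a NUL within dst_size bytes? */
  if (end == NULL)
    return -ENAMETOOLONG;               /* string plus NUL does not fit */
  memcpy (dst, src, (size_t) (end - src) + 1);
  return 0;
}

/* Join "<root>/<name>" into dst; reject names that escape the directory
 * (contain '/', or are "." / "..") and results that would not fit. */
int build_child_path (char *dst, size_t dst_size, const char *root, const char *name)
{
  int n;
  if (root == NULL || name == NULL || name[0] == '\0' || strchr (name, '/') != NULL ||
      strcmp (name, ".") == 0 || strcmp (name, "..") == 0)
    return -EINVAL;
  n = snprintf (dst, dst_size, "%s/%s", root, name);
  if (n < 0)
    return -EIO;
  return (size_t) n >= dst_size ? -ENAMETOOLONG : 0;   /* n >= size: truncated */
}

/* Constructed input: a 5000-byte name (longer than PATH_MAX) must be rejected
 * by both helpers. Returns 1 when it is, 0 if either helper accepted it. */
int long_path_is_rejected (void)
{
  static char name[5000];
  char buf[PATH_MAX];
  memset (name, 'a', sizeof name - 1);
  name[sizeof name - 1] = '\0';
  return copy_path_checked (buf, sizeof buf, name) == -ENAMETOOLONG &&
         build_child_path (buf, sizeof buf, "/media", name) == -ENAMETOOLONG;
}
```

The callers of such helpers should treat a negative return as a hard failure and log it, since a refused path is exactly the input a fixed-buffer copy would have mishandled.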

** Patch removed: "improved udisks2 patch"
   https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008467/+files/udisks2.patch

** Patch removed: "fixed backported patch for udisks 1"
   https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008468/+files/udisks1.patch

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to udisks2 in Ubuntu.
https://bugs.launchpad.net/bugs/1288226

Title:
  buffer overflow with long path names

Status in “udisks” package in Ubuntu:
  In Progress
Status in “udisks2” package in Ubuntu:
  In Progress
Status in “udisks” source package in Lucid:
  Won't Fix
Status in “udisks” source package in Precise:
  New
Status in “udisks” source package in Quantal:
  New
Status in “udisks2” source package in Quantal:
  New
Status in “udisks” source package in Saucy:
  New
Status in “udisks2” source package in Saucy:
  New
Status in “udisks” source package in Trusty:
  In Progress
Status in “udisks2” source package in Trusty:
  In Progress
