Hi Tyler Hicks. There's been discussions about moving over to util-linux eject on the Debian side in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737658
Is there anything that still uses dmcrypt-get-device as shipped as a not-from-upstream addition in the current eject package? codesearch.debian.net can't find anything. Can't we just drop the dmcrypt-get-device.c addition now? Do you know? Regards, Andreas Henriksson ** Bug watch added: Debian Bug tracker #737658 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737658 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to eject in Ubuntu. https://bugs.launchpad.net/bugs/1673627 Title: dmcrypt-get-device does not check the return values of setuid() or setgid() Status in eject package in Ubuntu: Fix Released Bug description: Ilja Van Sprundel discovered that dmcrypt-get-device does not properly handle errors returned from setuid()/setgid() despite being a setuid- root binary. Although it looks to be handling trustworthy input from the kernel after the setuid()/setgid() calls, the intent is to be parsing the data as a non-root user. Here's the original report: I noticed that dmcrypt-get-device is suid root. it's source code is apparently written at ubuntu (according to the comments) The code for which I found at http://archive.ubuntu.com/ubuntu/pool/main/e/eject/eject_2.1.5+deb1+cvs20081104-13.1.diff.gz which has the following comments: * Opening /dev/mapper/control requires root privileges, therefore this * program needs to be installed setuid root. Root privileges are dropped * immediately after querying the information from the device mapper. The * parsing is done with normal user privileges afterwards. The priv dropping happens in dmcrypt-get-device.c and looks as follows: /* Drop all privileges */ setgid(getgid()); setuid(getuid()); This unfortunately doesn't account for a failed call to setuid(), which would then perform the parsing as root. You'll probably want to fix both the call to setgid() and setuid() with proper return value checks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
