Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2016-01-23 01:16:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ecryptfs-utils" Changes: -------- --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2015-10-20 00:06:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2016-01-23 01:16:34.000000000 +0100 @@ -1,0 +2,7 @@ +Wed Jan 20 16:31:19 UTC 2016 - meiss...@suse.com + +- validate-mount-destination-fs-type.patch: A local user could have + escalated privileges by mounting over special filesystems (bsc#962052 + CVE-2016-1572) + +------------------------------------------------------------------- New: ---- validate-mount-destination-fs-type.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ecryptfs-utils.spec ++++++ --- /var/tmp/diff_new_pack.Q3W7rU/_old 2016-01-23 01:16:35.000000000 +0100 +++ /var/tmp/diff_new_pack.Q3W7rU/_new 2016-01-23 01:16:35.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,7 @@ Patch0: ecryptfs-setup-swap-SuSE.patch # PATCH-FIX-OPENSUSE build with -fpie/-pie Patch1: ecryptfs-utils-src-utils-Makefile.patch +Patch2: validate-mount-destination-fs-type.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes @@ -76,6 +77,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing" ++++++ validate-mount-destination-fs-type.patch ++++++ >From 8fcdb9ef8406cd05c45acef6210a3bfa0831e857 Mon Sep 17 00:00:00 2001 From: Tyler Hicks <tyhi...@canonical.com> Date: Thu, 7 Jan 2016 19:39:14 -0600 Subject: [PATCH] mount.ecryptfs_private: Validate mount destination fs type Refuse to mount over non-standard filesystems. Mounting over certain types filesystems is a red flag that the user is doing something devious, such as mounting over the /proc/self symlink target with malicious content in order to confuse programs that may attempt to parse those files. (LP: #1530566) https://launchpad.net/bugs/1530566 --- debian/changelog | 8 +++++ src/utils/mount.ecryptfs_private.c | 61 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) Index: ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c =================================================================== --- ecryptfs-utils-108.orig/src/utils/mount.ecryptfs_private.c +++ ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c @@ -30,6 +30,7 @@ #include <sys/param.h> #include <sys/stat.h> #include <sys/types.h> +#include <sys/vfs.h> #include <ctype.h> #include <errno.h> #include <keyutils.h> @@ -220,6 +221,62 @@ err: return NULL; } +static int check_cwd_f_type() +{ + /** + * This is *not* a list of compatible lower filesystems list for + * eCryptfs. This is a list of filesystems that we reasonably expect to + * see mount.ecryptfs_private users mounting on top of. In other words, + * the filesystem type of the 'target' parameter of mount(2). + * + * This whitelist is to prevent malicious mount.ecryptfs_private users + * from mounting over filesystem types such as PROC_SUPER_MAGIC to + * deceive other programs with a crafted /proc/self/*. See + * https://launchpad.net/bugs/1530566 for more details. + */ + __SWORD_TYPE f_type_whitelist[] = { + 0x61756673 /* AUFS_SUPER_MAGIC */, + 0x9123683E /* BTRFS_SUPER_MAGIC */, + 0x00C36400 /* CEPH_SUPER_MAGIC */, + 0xFF534D42 /* CIFS_MAGIC_NUMBER */, + 0x0000F15F /* ECRYPTFS_SUPER_MAGIC */, + 0x0000EF53 /* EXT[234]_SUPER_MAGIC */, + 0xF2F52010 /* F2FS_SUPER_MAGIC */, + 0x65735546 /* FUSE_SUPER_MAGIC */, + 0x01161970 /* GFS2_MAGIC */, + 0x3153464A /* JFS_SUPER_MAGIC */, + 0x0000564C /* NCP_SUPER_MAGIC */, + 0x00006969 /* NFS_SUPER_MAGIC */, + 0x00003434 /* NILFS_SUPER_MAGIC */, + 0x5346544E /* NTFS_SB_MAGIC */, + 0x794C7630 /* OVERLAYFS_SUPER_MAGIC */, + 0x52654973 /* REISERFS_SUPER_MAGIC */, + 0x73717368 /* SQUASHFS_MAGIC */, + 0x01021994 /* TMPFS_MAGIC */, + 0x58465342 /* XFS_SB_MAGIC */, + 0x2FC12FC1 /* ZFS_SUPER_MAGIC */, + }; + struct statfs buf; + size_t i, whitelist_len; + + if (statfs(".", &buf) != 0) { + fprintf(stderr, "Failed to check filesystem type: %m\n"); + return 1; + } + + whitelist_len = sizeof(f_type_whitelist) / sizeof(*f_type_whitelist); + for (i = 0; i < whitelist_len; i++) { + if (buf.f_type == f_type_whitelist[i]) { + return 0; + } + } + + fprintf(stderr, + "Refusing to mount over an unapproved filesystem type: %#lx\n", + buf.f_type); + return 1; +} + int check_ownership_mnt(uid_t uid, char **mnt) { /* Check ownership of mount point, chdir into it, and * canonicalize the path for use in mtab updating. @@ -682,6 +739,10 @@ int main(int argc, char *argv[]) { goto fail; } + if (check_cwd_f_type() != 0) { + goto fail; + } + if (mounting == 1) { /* Increment mount counter, errors non-fatal */ if (increment(fh_counter) < 0) {