Hello community,
here is the log from the commit of package ecryptfs-utils for openSUSE:Factory
checked in at 2016-01-23 01:16:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ecryptfs-utils"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes
2015-10-20 00:06:15.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes
2016-01-23 01:16:34.000000000 +0100
@@ -1,0 +2,7 @@
+Wed Jan 20 16:31:19 UTC 2016 - meiss...@suse.com
+
+- validate-mount-destination-fs-type.patch: A local user could have
+ escalated privileges by mounting over special filesystems (bsc#962052
+ CVE-2016-1572)
+
+-------------------------------------------------------------------
New:
----
validate-mount-destination-fs-type.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ecryptfs-utils.spec ++++++
--- /var/tmp/diff_new_pack.Q3W7rU/_old 2016-01-23 01:16:35.000000000 +0100
+++ /var/tmp/diff_new_pack.Q3W7rU/_new 2016-01-23 01:16:35.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ecryptfs-utils
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,7 @@
Patch0: ecryptfs-setup-swap-SuSE.patch
# PATCH-FIX-OPENSUSE build with -fpie/-pie
Patch1: ecryptfs-utils-src-utils-Makefile.patch
+Patch2: validate-mount-destination-fs-type.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
@@ -76,6 +77,7 @@
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing"
++++++ validate-mount-destination-fs-type.patch ++++++
>From 8fcdb9ef8406cd05c45acef6210a3bfa0831e857 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhi...@canonical.com>
Date: Thu, 7 Jan 2016 19:39:14 -0600
Subject: [PATCH] mount.ecryptfs_private: Validate mount destination fs type
Refuse to mount over non-standard filesystems. Mounting over
certain types filesystems is a red flag that the user is doing
something devious, such as mounting over the /proc/self symlink
target with malicious content in order to confuse programs that may
attempt to parse those files. (LP: #1530566)
https://launchpad.net/bugs/1530566
---
debian/changelog | 8 +++++
src/utils/mount.ecryptfs_private.c | 61 ++++++++++++++++++++++++++++++++++++++
2 files changed, 69 insertions(+)
Index: ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c
===================================================================
--- ecryptfs-utils-108.orig/src/utils/mount.ecryptfs_private.c
+++ ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c
@@ -30,6 +30,7 @@
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/vfs.h>
#include <ctype.h>
#include <errno.h>
#include <keyutils.h>
@@ -220,6 +221,62 @@ err:
return NULL;
}
+static int check_cwd_f_type()
+{
+ /**
+ * This is *not* a list of compatible lower filesystems list for
+ * eCryptfs. This is a list of filesystems that we reasonably expect to
+ * see mount.ecryptfs_private users mounting on top of. In other words,
+ * the filesystem type of the 'target' parameter of mount(2).
+ *
+ * This whitelist is to prevent malicious mount.ecryptfs_private users
+ * from mounting over filesystem types such as PROC_SUPER_MAGIC to
+ * deceive other programs with a crafted /proc/self/*. See
+ * https://launchpad.net/bugs/1530566 for more details.
+ */
+ __SWORD_TYPE f_type_whitelist[] = {
+ 0x61756673 /* AUFS_SUPER_MAGIC */,
+ 0x9123683E /* BTRFS_SUPER_MAGIC */,
+ 0x00C36400 /* CEPH_SUPER_MAGIC */,
+ 0xFF534D42 /* CIFS_MAGIC_NUMBER */,
+ 0x0000F15F /* ECRYPTFS_SUPER_MAGIC */,
+ 0x0000EF53 /* EXT[234]_SUPER_MAGIC */,
+ 0xF2F52010 /* F2FS_SUPER_MAGIC */,
+ 0x65735546 /* FUSE_SUPER_MAGIC */,
+ 0x01161970 /* GFS2_MAGIC */,
+ 0x3153464A /* JFS_SUPER_MAGIC */,
+ 0x0000564C /* NCP_SUPER_MAGIC */,
+ 0x00006969 /* NFS_SUPER_MAGIC */,
+ 0x00003434 /* NILFS_SUPER_MAGIC */,
+ 0x5346544E /* NTFS_SB_MAGIC */,
+ 0x794C7630 /* OVERLAYFS_SUPER_MAGIC */,
+ 0x52654973 /* REISERFS_SUPER_MAGIC */,
+ 0x73717368 /* SQUASHFS_MAGIC */,
+ 0x01021994 /* TMPFS_MAGIC */,
+ 0x58465342 /* XFS_SB_MAGIC */,
+ 0x2FC12FC1 /* ZFS_SUPER_MAGIC */,
+ };
+ struct statfs buf;
+ size_t i, whitelist_len;
+
+ if (statfs(".", &buf) != 0) {
+ fprintf(stderr, "Failed to check filesystem type: %m\n");
+ return 1;
+ }
+
+ whitelist_len = sizeof(f_type_whitelist) / sizeof(*f_type_whitelist);
+ for (i = 0; i < whitelist_len; i++) {
+ if (buf.f_type == f_type_whitelist[i]) {
+ return 0;
+ }
+ }
+
+ fprintf(stderr,
+ "Refusing to mount over an unapproved filesystem type: %#lx\n",
+ buf.f_type);
+ return 1;
+}
+
int check_ownership_mnt(uid_t uid, char **mnt) {
/* Check ownership of mount point, chdir into it, and
* canonicalize the path for use in mtab updating.
@@ -682,6 +739,10 @@ int main(int argc, char *argv[]) {
goto fail;
}
+ if (check_cwd_f_type() != 0) {
+ goto fail;
+ }
+
if (mounting == 1) {
/* Increment mount counter, errors non-fatal */
if (increment(fh_counter) < 0) {
