rpms/util-linux/FC-6 util-linux-2.13-mount-setuid.patch, NONE, 1.1 util-linux.spec, 1.155, 1.156

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Oct 8 19:19:12 UTC 2007


Author: kzak

Update of /cvs/dist/rpms/util-linux/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv13263

Modified Files:
	util-linux.spec 
Added Files:
	util-linux-2.13-mount-setuid.patch 
Log Message:
* Mon Oct  8 2007 Karel Zak <kzak at redhat.com>  2.13-0.49
- fix #320141 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [FC6]


util-linux-2.13-mount-setuid.patch:
 mount.c  |    8 ++++++--
 umount.c |    8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

--- NEW FILE util-linux-2.13-mount-setuid.patch ---
diff -up util-linux-2.13-pre7/mount/umount.c.kzak util-linux-2.13-pre7/mount/umount.c
--- util-linux-2.13-pre7/mount/umount.c.kzak	2007-10-08 15:22:38.000000000 +0200
+++ util-linux-2.13-pre7/mount/umount.c	2007-10-08 15:24:01.000000000 +0200
@@ -102,8 +102,12 @@ check_special_umountprog(const char *spe
 				char *umountargs[8];
 				int i = 0;
 
-				setuid(getuid());
-				setgid(getgid());
+				if(setgid(getgid()) < 0)
+					die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno));
+
+				if(setuid(getuid()) < 0)
+					die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno));
+
 				umountargs[i++] = umountprog;
 				umountargs[i++] = xstrdup(node);
 				if (nomtab)
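Review bot: The added checks treat a zero return from setgid()/setuid() as proof that the helper will run unprivileged, but nothing after them confirms the resulting ids. setuid() clears the saved set-user-ID only when the caller is privileged at that moment, so if the binary is ever installed or run in a way where that does not hold, the calls can succeed without fully dropping privileges. A cheap guard before umountargs is filled in would be `if (geteuid() != getuid() || getegid() != getgid()) die(EX_FAIL, _("umount: failed to drop privileges"));`. The mount.c hunk has the same gap. check_special_umountprog starts and ends outside this hunk, so the exec call itself is not visible here.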
diff -up util-linux-2.13-pre7/mount/mount.c.kzak util-linux-2.13-pre7/mount/mount.c
--- util-linux-2.13-pre7/mount/mount.c.kzak	2007-10-08 15:22:38.000000000 +0200
+++ util-linux-2.13-pre7/mount/mount.c	2007-10-08 15:24:01.000000000 +0200
@@ -600,8 +600,12 @@ check_special_mountprog(const char *spec
 		 char *oo, *mountargs[11];
 		 int i = 0;
 
-		 setuid(getuid());
-		 setgid(getgid());
+		 if(setgid(getgid()) < 0)
+			 die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
+
+		 if(setuid(getuid()) < 0)
+			 die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+
 		 oo = fix_opts_string (flags, extra_opts, NULL);
 		 mountargs[i++] = mountprog;
 		 mountargs[i++] = spec;
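Review bot: The order of the two added calls is what makes the privilege drop work, and the code carries no comment saying so: setgid() has to run first because once setuid() has given up root the process may no longer be allowed to change its group id. Without a note, a later tidy-up could swap them back to the old order and the group drop would start failing again. I would add `/* gid first: after setuid() we can no longer change the group id */` above the setgid() check, here and in the umount.c hunk. check_special_mountprog continues outside the hunk.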


Index: util-linux.spec
===================================================================
RCS file: /cvs/dist/rpms/util-linux/FC-6/util-linux.spec,v
retrieving revision 1.155
retrieving revision 1.156
diff -u -r1.155 -r1.156
--- util-linux.spec	2 Aug 2007 11:53:10 -0000	1.155
+++ util-linux.spec	8 Oct 2007 19:19:09 -0000	1.156
@@ -9,7 +9,7 @@
 Summary: A collection of basic system utilities.
 Name: util-linux
 Version: 2.13
-Release: 0.48%{?dist}
+Release: 0.49%{?dist}
 License: distributable
 Group: System Environment/Base
 
@@ -237,6 +237,8 @@
 # 238918 - blockdev --getsize does not work properly on devices with more than 2^31 sectors
 Patch268: util-linux-2.13-blockdev-errno.patch
 Patch269: util-linux-2.13-blockdev-unsigned.patch
+# 320141: CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [FC6]
+Patch270: util-linux-2.13-mount-setuid.patch
 
 %description
 The util-linux package contains a large variety of low-level system
@@ -335,6 +337,7 @@
 %patch267 -p1
 %patch268 -p1
 %patch269 -p1
+%patch270 -p1
 
 %build
 unset LINGUAS || :
@@ -726,6 +729,9 @@
 /sbin/losetup
 
 %changelog
+* Mon Oct  8 2007 Karel Zak <kzak at redhat.com>  2.13-0.49
+- fix #320141 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [FC6]
+
 * Thu Aug  2 2007 Karel Zak <kzak at redhat.com>  2.13-0.48
 - fix #238918 - blockdev --getsize does not work properly on devices with more than 2^31 sectors
 



