rpms/autofs/F-8 autofs-5.0.2-hosts-nodev-default.patch, NONE, 1.1 autofs.spec, 1.229, 1.230

Ian Kent (iankent) fedora-extras-commits at redhat.com
Fri Dec 21 10:48:31 UTC 2007


Author: iankent

Update of /cvs/pkgs/rpms/autofs/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13193

Modified Files:
	autofs.spec 
Added Files:
	autofs-5.0.2-hosts-nodev-default.patch 
Log Message:
* Fri Dec 21 2007 Ian Kent <ikent at redhat.com> - 5.0.1-23
- Bug 426400: CVE-2007-6285 autofs default doesn't set nodev in /net [f8]
  - use mount option "nodev" for "-hosts" map unless "dev" is explicitly specified.


autofs-5.0.2-hosts-nodev-default.patch:

--- NEW FILE autofs-5.0.2-hosts-nodev-default.patch ---
diff --git a/man/auto.master.5.in b/man/auto.master.5.in
index 56aaa5d..49a711c 100644
--- a/man/auto.master.5.in
+++ b/man/auto.master.5.in
@@ -196,8 +196,8 @@ For example, with an entry in the master map of
 accessing /net/myserver will mount exports from myserver on directories below
 /net/myserver.
 .P
-NOTE: mounts done from a hosts map will be mounted with the "nosuid" option
-unless the "suid" option is explicitly given in the master map entry.
+NOTE: mounts done from a hosts map will be mounted with the "nosuid" and "nodev" options
+unless the options "suid" and "dev" are explicitly given in the master map entry.
 .SH LDAP MAPS
 If the map type \fBldap\fP is specified the mapname is of the form
 \fB[//servername/]dn\fP, where the optional \fBservername\fP is
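Review bot: the new NOTE wording "unless the options "suid" and "dev" are explicitly given" can be read as requiring both options together, while the parse_sun.c change in this patch tests them independently. Suggest stating each pairing separately, for example that "nosuid" is applied unless "suid" is given and "nodev" is applied unless "dev" is given. The first added line is also noticeably longer than the surrounding man source lines and could be wrapped.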
diff --git a/modules/parse_sun.c b/modules/parse_sun.c
index a97a7aa..4241f16 100644
--- a/modules/parse_sun.c
+++ b/modules/parse_sun.c
@@ -589,8 +589,12 @@ static int sun_mount(struct autofs_point *ap, const char *root,
 	type = ap->entry->maps->type;
 	if (type && !strcmp(type, "hosts")) {
 		if (options) {
-			if (!strstr(options, "suid")) {
-				char *tmp = alloca(strlen(options) + 8);
+			int len = strlen(options);
+			int suid = strstr(options, "suid") ? 0 : 7;
+			int dev = strstr(options, "dev") ? 0 : 6;
+
+			if (suid || dev) {
+				char *tmp = alloca(len + suid + dev + 1);
 				if (!tmp) {
 					error(ap->logopt, MODPREFIX
 					      "alloca failed for options");
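Review bot: the added strstr(options, "suid") and strstr(options, "dev") tests are substring matches over the whole option string rather than comparisons against individual comma-separated options, so any option text that merely contains "dev" or "suid" disables the corresponding default. Since this is the check that decides whether the CVE-2007-6285 hardening is applied, it would be safer to split the string on commas and compare whole option names (suid/nosuid, dev/nodev). The constants 7 and 6 are the lengths of ",nosuid" and ",nodev" and would be clearer written as sizeof(",nosuid") - 1 and sizeof(",nodev") - 1, or at least given a comment.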
@@ -598,12 +602,16 @@ static int sun_mount(struct autofs_point *ap, const char *root,
 						return -1;
 					return 1;
 				}
+
 				strcpy(tmp, options);
-				strcat(tmp, ",nosuid");
+				if (suid)
+					strcat(tmp, ",nosuid");
+				if (dev)
+					strcat(tmp, ",nodev");
 				options = tmp;
 			}
 		} else {
-			char *tmp = alloca(7);
+			char *tmp = alloca(13);
 			if (!tmp) {
 				error(ap->logopt,
 				      MODPREFIX "alloca failed for options");
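Review bot: alloca(13) in the else branch is a hand-counted size for the "nosuid,nodev" literal plus its terminator, and it has to be kept in step by hand with the strcpy that follows. Using a named constant or sizeof("nosuid,nodev") for the allocation would tie the buffer size to the string actually copied, so a later change to the default options cannot overrun the buffer.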
@@ -611,7 +619,7 @@ static int sun_mount(struct autofs_point *ap, const char *root,
 					return -1;
 				return 1;
 			}
-			strcpy(tmp, "nosuid");
+			strcpy(tmp, "nosuid,nodev");
 			options = tmp;
 		}
 	}
diff --git a/samples/auto.master b/samples/auto.master
index 4995976..9fe5609 100644
--- a/samples/auto.master
+++ b/samples/auto.master
@@ -7,8 +7,8 @@
 /misc	/etc/auto.misc
 #
 # NOTE: mounts done from a hosts map will be mounted with the
-#	"nosuid" option unless the "suid" option is explicitly
-#	given.
+#	"nosuid" and "nodev" options unless the "suid" and "dev"
+#	options are explicitly given.
 #
 /net	-hosts
 #


Index: autofs.spec
===================================================================
RCS file: /cvs/pkgs/rpms/autofs/F-8/autofs.spec,v
retrieving revision 1.229
retrieving revision 1.230
diff -u -r1.229 -r1.230
--- autofs.spec	18 Dec 2007 03:08:02 -0000	1.229
+++ autofs.spec	21 Dec 2007 10:47:56 -0000	1.230
@@ -4,7 +4,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.0.2
-Release: 22
+Release: 23
 Epoch: 1
 License: GPL
 Group: System Environment/Daemons
@@ -57,6 +57,7 @@
 Patch44: autofs-5.0.2-singleton-host-list.patch
 Patch45: autofs-5.0.2-hosts-nosuid-default.patch
 Patch46: autofs-5.0.2-fd-close-on-exec-mutex.patch
+Patch47: autofs-5.0.2-hosts-nodev-default.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf, hesiod-devel, openldap-devel, bison, flex, libxml2-devel, cyrus-sasl-devel, openssl-devel module-init-tools util-linux nfs-utils e2fsprogs
 Conflicts: kernel < 2.6.17
@@ -145,6 +146,7 @@
 %patch44 -p1
 %patch45 -p1
 %patch46 -p1
+%patch47 -p1
 
 %build
 #CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir}
@@ -197,6 +199,10 @@
 %{_libdir}/autofs/
 
 %changelog
+* Fri Dec 21 2007 Ian Kent <ikent at redhat.com> - 5.0.1-23
+- Bug 426400: CVE-2007-6285 autofs default doesn't set nodev in /net [f8]
+  - use mount option "nodev" for "-hosts" map unless "dev" is explicily specified.
+
 * Tue Dec 18 2007 Ian Kent <ikent at redhat.com> - 5.0.2-22
 - Bug 397591 SELinux is preventing /sbin/rpc.statd (rpcd_t) "search" to <Unknown> (sysctl_fs_t).
   - prevent fork between fd open and setting of FD_CLOEXEC.
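Review bot: the new %changelog entry is labelled "5.0.1-23", but the spec has Version 5.0.2 and this commit bumps Release to 23, and the previous entry is "5.0.2-22", so this should read "5.0.2-23". The same entry also misspells "explicitly" as "explicily".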



