Fix CVE-2021-3996:
|
|
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
|
|
https://seclists.org/oss-sec/2022/q1/66
|
|
|
|
Patch copied from upstream source repository:
|
|
|
|
https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b
|
|
|
|
From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001
|
|
From: Karel Zak <kzak@redhat.com>
|
|
Date: Tue, 4 Jan 2022 10:54:20 +0100
|
|
Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996]
|
|
|
|
This issue, related to parsing the /proc/self/mountinfo file, allows an
|
|
unprivileged user to unmount other user's filesystems that are either
|
|
world-writable themselves or mounted in a world-writable directory.
|
|
|
|
The support for "(deleted)" is no more necessary as the Linux kernel does
|
|
not use it in /proc/self/mountinfo and /proc/self/mount files anymore.
|
|
|
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
---
|
|
libmount/src/tab_parse.c | 5 -----
|
|
tests/expected/findmnt/filter-options | 1 -
|
|
tests/expected/findmnt/filter-options-nameval-neg | 3 +--
|
|
tests/expected/findmnt/filter-types-neg | 1 -
|
|
tests/expected/findmnt/outputs-default | 3 +--
|
|
tests/expected/findmnt/outputs-force-tree | 3 +--
|
|
tests/expected/findmnt/outputs-kernel | 3 +--
|
|
tests/expected/libmount/tabdiff-mount | 1 -
|
|
tests/expected/libmount/tabdiff-move | 1 -
|
|
tests/expected/libmount/tabdiff-remount | 1 -
|
|
tests/expected/libmount/tabdiff-umount | 1 -
|
|
tests/expected/libmount/tabfiles-parse-mountinfo | 11 -----------
|
|
tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 -----------
|
|
tests/ts/findmnt/files/mountinfo | 1 -
|
|
tests/ts/findmnt/files/mountinfo-nonroot | 1 -
|
|
tests/ts/libmount/files/mountinfo | 1 -
|
|
16 files changed, 4 insertions(+), 44 deletions(-)
|
|
|
|
diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c
|
|
index 917779ab6..4407f9c9c 100644
|
|
--- a/libmount/src/tab_parse.c
|
|
+++ b/libmount/src/tab_parse.c
|
|
@@ -227,11 +227,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s)
|
|
goto fail;
|
|
}
|
|
|
|
- /* remove "\040(deleted)" suffix */
|
|
- p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX);
|
|
- if (p && *p)
|
|
- *p = '\0';
|
|
-
|
|
s = skip_separator(s);
|
|
|
|
/* (6) vfs options (fs-independent) */
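Review bot: Nothing in this patch pins the parser's new behaviour, because the `\040(deleted)` fixture lines are deleted from the three tests/ts/*/files/mountinfo* files together with the stripping code, and the expected outputs simply lose the /mnt/foo entry. Keeping `48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw` in the fixtures and updating the expected target so that it retains the suffix would give a regression test showing that such a mountpoint is no longer reported as `/mnt/foo`. The body of mnt_parse_mountinfo_line() starts and ends outside this hunk, so it cannot be confirmed from here whether `p` is still used after the removal; an unused-variable warning is worth checking for. The diffstat touches only tab_parse.c under libmount/src, so any other consumer of `PATH_DELETED_SUFFIX` is not visible in this patch and should be audited separately.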
|
|
diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options
|
|
index 2606bce76..97b0ead0a 100644
|
|
--- a/tests/expected/findmnt/filter-options
|
|
+++ b/tests/expected/findmnt/filter-options
|
|
@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS
|
|
/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|
|
/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
|
|
/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-/mnt/foo /fooooo bar rw,relatime
|
|
rc=0
|
|
diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg
|
|
index 5471d65af..f0467ef75 100644
|
|
--- a/tests/expected/findmnt/filter-options-nameval-neg
|
|
+++ b/tests/expected/findmnt/filter-options-nameval-neg
|
|
@@ -29,6 +29,5 @@ TARGET SOURCE FSTYPE OPTIO
|
|
|-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
|
|
| `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|
|
|-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
|
|
-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-`-/mnt/foo /fooooo bar rw,relatime
|
|
+`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
rc=0
|
|
diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg
|
|
index 2606bce76..97b0ead0a 100644
|
|
--- a/tests/expected/findmnt/filter-types-neg
|
|
+++ b/tests/expected/findmnt/filter-types-neg
|
|
@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS
|
|
/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|
|
/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
|
|
/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-/mnt/foo /fooooo bar rw,relatime
|
|
rc=0
|
|
diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default
|
|
index 59495797b..01599355e 100644
|
|
--- a/tests/expected/findmnt/outputs-default
|
|
+++ b/tests/expected/findmnt/outputs-default
|
|
@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
|
|
|-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
|
|
| `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|
|
|-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
|
|
-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-`-/mnt/foo /fooooo bar rw,relatime
|
|
+`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
rc=0
|
|
diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree
|
|
index 59495797b..01599355e 100644
|
|
--- a/tests/expected/findmnt/outputs-force-tree
|
|
+++ b/tests/expected/findmnt/outputs-force-tree
|
|
@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
|
|
|-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
|
|
| `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|
|
|-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
|
|
-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-`-/mnt/foo /fooooo bar rw,relatime
|
|
+`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
rc=0
|
|
diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel
|
|
index 59495797b..01599355e 100644
|
|
--- a/tests/expected/findmnt/outputs-kernel
|
|
+++ b/tests/expected/findmnt/outputs-kernel
|
|
@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
|
|
|-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
|
|
| `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
|
|
|-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
|
|
-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-`-/mnt/foo /fooooo bar rw,relatime
|
|
+`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
rc=0
|
|
diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount
|
|
index 420aeacd5..3c18f8dc4 100644
|
|
--- a/tests/expected/libmount/tabdiff-mount
|
|
+++ b/tests/expected/libmount/tabdiff-mount
|
|
@@ -1,3 +1,2 @@
|
|
/dev/mapper/kzak-home on /home/kzak: MOUNTED
|
|
-/fooooo on /mnt/foo: MOUNTED
|
|
tmpfs on /mnt/test/foo
|
|
bar: MOUNTED
|
|
diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move
|
|
index 24f9bc791..95820d93e 100644
|
|
--- a/tests/expected/libmount/tabdiff-move
|
|
+++ b/tests/expected/libmount/tabdiff-move
|
|
@@ -1,3 +1,2 @@
|
|
//foo.home/bar/ on /mnt/music: MOVED to /mnt/music
|
|
-/fooooo on /mnt/foo: UMOUNTED
|
|
tmpfs on /mnt/test/foo
|
|
bar: UMOUNTED
|
|
diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount
|
|
index 82ebeab39..876bfd953 100644
|
|
--- a/tests/expected/libmount/tabdiff-remount
|
|
+++ b/tests/expected/libmount/tabdiff-remount
|
|
@@ -1,4 +1,3 @@
|
|
/dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered'
|
|
//foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344'
|
|
-/fooooo on /mnt/foo: UMOUNTED
|
|
tmpfs on /mnt/test/foo
|
|
bar: UMOUNTED
|
|
diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount
|
|
index a3e0fe48a..c7be725b9 100644
|
|
--- a/tests/expected/libmount/tabdiff-umount
|
|
+++ b/tests/expected/libmount/tabdiff-umount
|
|
@@ -1,3 +1,2 @@
|
|
/dev/mapper/kzak-home on /home/kzak: UMOUNTED
|
|
-/fooooo on /mnt/foo: UMOUNTED
|
|
tmpfs on /mnt/test/foo
|
|
bar: UMOUNTED
|
|
diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo
|
|
index 47eb77006..d5ba5248e 100644
|
|
--- a/tests/expected/libmount/tabfiles-parse-mountinfo
|
|
+++ b/tests/expected/libmount/tabfiles-parse-mountinfo
|
|
@@ -351,17 +351,6 @@ id: 47
|
|
parent: 20
|
|
devno: 0:38
|
|
------ fs:
|
|
-source: /fooooo
|
|
-target: /mnt/foo
|
|
-fstype: bar
|
|
-optstr: rw,relatime
|
|
-VFS-optstr: rw,relatime
|
|
-FS-opstr: rw
|
|
-root: /
|
|
-id: 48
|
|
-parent: 20
|
|
-devno: 0:39
|
|
------- fs:
|
|
source: tmpfs
|
|
target: /mnt/test/foo
|
|
bar
|
|
fstype: tmpfs
|
|
diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo
|
|
index 47eb77006..d5ba5248e 100644
|
|
--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo
|
|
+++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo
|
|
@@ -351,17 +351,6 @@ id: 47
|
|
parent: 20
|
|
devno: 0:38
|
|
------ fs:
|
|
-source: /fooooo
|
|
-target: /mnt/foo
|
|
-fstype: bar
|
|
-optstr: rw,relatime
|
|
-VFS-optstr: rw,relatime
|
|
-FS-opstr: rw
|
|
-root: /
|
|
-id: 48
|
|
-parent: 20
|
|
-devno: 0:39
|
|
------- fs:
|
|
source: tmpfs
|
|
target: /mnt/test/foo
|
|
bar
|
|
fstype: tmpfs
|
|
diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo
|
|
index 475ea1a33..ff1e664a8 100644
|
|
--- a/tests/ts/findmnt/files/mountinfo
|
|
+++ b/tests/ts/findmnt/files/mountinfo
|
|
@@ -30,4 +30,3 @@
|
|
44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
|
|
45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
|
|
47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
|
|
diff --git a/tests/ts/findmnt/files/mountinfo-nonroot b/tests/ts/findmnt/files/mountinfo-nonroot
|
|
index e15b46701..87b421d2e 100644
|
|
--- a/tests/ts/findmnt/files/mountinfo-nonroot
|
|
+++ b/tests/ts/findmnt/files/mountinfo-nonroot
|
|
@@ -29,4 +29,3 @@
|
|
44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
|
|
45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
|
|
47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
|
|
diff --git a/tests/ts/libmount/files/mountinfo b/tests/ts/libmount/files/mountinfo
|
|
index c06307183..2b0174048 100644
|
|
--- a/tests/ts/libmount/files/mountinfo
|
|
+++ b/tests/ts/libmount/files/mountinfo
|
|
@@ -30,5 +30,4 @@
|
|
44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
|
|
45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
|
|
47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
|
|
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
|
|
49 20 0:56 / /mnt/test/foo
|
|
bar rw,relatime shared:323 - tmpfs tmpfs rw
|
|
--
|
|
2.34.0
|
|
|