[arch-commits] Commit in ecryptfs-utils/trunk (CVE-2016-1572.patch PKGBUILD)
Timothy Redaelli
tredaelli at archlinux.org
Fri Jan 22 11:41:47 UTC 2016
Date: Friday, January 22, 2016 @ 12:41:47
Author: tredaelli
Revision: 158553
upgpkg: ecryptfs-utils 108-2
Fix for CVE-2016-1572 (FS#47844)
Added:
ecryptfs-utils/trunk/CVE-2016-1572.patch
Modified:
ecryptfs-utils/trunk/PKGBUILD
---------------------+
CVE-2016-1572.patch | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 17 +++++---
2 files changed, 113 insertions(+), 5 deletions(-)
Added: CVE-2016-1572.patch
===================================================================
--- CVE-2016-1572.patch (rev 0)
+++ CVE-2016-1572.patch 2016-01-22 11:41:47 UTC (rev 158553)
@@ -0,0 +1,101 @@
+From 8fcdb9ef8406cd05c45acef6210a3bfa0831e857 Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks at canonical.com>
+Date: Thu, 7 Jan 2016 19:39:14 -0600
+Subject: [PATCH] mount.ecryptfs_private: Validate mount destination fs type
+
+Refuse to mount over non-standard filesystems. Mounting over
+certain types filesystems is a red flag that the user is doing
+something devious, such as mounting over the /proc/self symlink
+target with malicious content in order to confuse programs that may
+attempt to parse those files. (LP: #1530566)
+
+https://launchpad.net/bugs/1530566
+---
+ debian/changelog | 8 +++++
+ src/utils/mount.ecryptfs_private.c | 61 ++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 69 insertions(+)
+
+--- a/src/utils/mount.ecryptfs_private.c
++++ b/src/utils/mount.ecryptfs_private.c
+@@ -30,6 +30,7 @@
+ #include <sys/param.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <sys/vfs.h>
+ #include <ctype.h>
+ #include <errno.h>
+ #include <keyutils.h>
+@@ -220,6 +221,62 @@ err:
+ return NULL;
+ }
+
++static int check_cwd_f_type()
++{
++ /**
++ * This is *not* a list of compatible lower filesystems list for
++ * eCryptfs. This is a list of filesystems that we reasonably expect to
++ * see mount.ecryptfs_private users mounting on top of. In other words,
++ * the filesystem type of the 'target' parameter of mount(2).
++ *
++ * This whitelist is to prevent malicious mount.ecryptfs_private users
++ * from mounting over filesystem types such as PROC_SUPER_MAGIC to
++ * deceive other programs with a crafted /proc/self/*. See
++ * https://launchpad.net/bugs/1530566 for more details.
++ */
++ __SWORD_TYPE f_type_whitelist[] = {
++ 0x61756673 /* AUFS_SUPER_MAGIC */,
++ 0x9123683E /* BTRFS_SUPER_MAGIC */,
++ 0x00C36400 /* CEPH_SUPER_MAGIC */,
++ 0xFF534D42 /* CIFS_MAGIC_NUMBER */,
++ 0x0000F15F /* ECRYPTFS_SUPER_MAGIC */,
++ 0x0000EF53 /* EXT[234]_SUPER_MAGIC */,
++ 0xF2F52010 /* F2FS_SUPER_MAGIC */,
++ 0x65735546 /* FUSE_SUPER_MAGIC */,
++ 0x01161970 /* GFS2_MAGIC */,
++ 0x3153464A /* JFS_SUPER_MAGIC */,
++ 0x0000564C /* NCP_SUPER_MAGIC */,
++ 0x00006969 /* NFS_SUPER_MAGIC */,
++ 0x00003434 /* NILFS_SUPER_MAGIC */,
++ 0x5346544E /* NTFS_SB_MAGIC */,
++ 0x794C7630 /* OVERLAYFS_SUPER_MAGIC */,
++ 0x52654973 /* REISERFS_SUPER_MAGIC */,
++ 0x73717368 /* SQUASHFS_MAGIC */,
++ 0x01021994 /* TMPFS_MAGIC */,
++ 0x58465342 /* XFS_SB_MAGIC */,
++ 0x2FC12FC1 /* ZFS_SUPER_MAGIC */,
++ };
++ struct statfs buf;
++ size_t i, whitelist_len;
++
++ if (statfs(".", &buf) != 0) {
++ fprintf(stderr, "Failed to check filesystem type: %m\n");
++ return 1;
++ }
++
++ whitelist_len = sizeof(f_type_whitelist) / sizeof(*f_type_whitelist);
++ for (i = 0; i < whitelist_len; i++) {
++ if (buf.f_type == f_type_whitelist[i]) {
++ return 0;
++ }
++ }
++
++ fprintf(stderr,
++ "Refusing to mount over an unapproved filesystem type: %#lx\n",
++ buf.f_type);
++ return 1;
++}
++
+ int check_ownership_mnt(uid_t uid, char **mnt) {
+ /* Check ownership of mount point, chdir into it, and
+ * canonicalize the path for use in mtab updating.
+@@ -629,6 +686,10 @@ int main(int argc, char *argv[]) {
+ goto fail;
+ }
+
++ if (check_cwd_f_type() != 0) {
++ goto fail;
++ }
++
+ if (mounting == 1) {
+ /* Increment mount counter, errors non-fatal */
+ if (increment(fh_counter) < 0) {
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-01-22 10:50:21 UTC (rev 158552)
+++ PKGBUILD 2016-01-22 11:41:47 UTC (rev 158553)
@@ -5,7 +5,7 @@
pkgname=ecryptfs-utils
pkgver=108
-pkgrel=1
+pkgrel=2
arch=('i686' 'x86_64')
pkgdesc="Enterprise-class stacked cryptographic filesystem for Linux"
url="https://launchpad.net/ecryptfs"
@@ -14,19 +14,26 @@
depends=('nss' 'pam')
optdepends=('python2: for python module')
source=("http://launchpad.net/ecryptfs/trunk/${pkgver}/+download/${pkgname}_${pkgver}.orig.tar.gz"
- "${pkgname}_${pkgver}.orig.tar.gz.sig::http://launchpad.net/ecryptfs/trunk/${pkgver}/+download/..-${pkgname}_${pkgver}.orig.tar.gz.asc")
+ "${pkgname}_${pkgver}.orig.tar.gz.sig::http://launchpad.net/ecryptfs/trunk/${pkgver}/+download/..-${pkgname}_${pkgver}.orig.tar.gz.asc"
+ CVE-2016-1572.patch)
md5sums=('80f2a73e14030239fa01a2f1e5606a0e'
- 'SKIP')
+ 'SKIP'
+ '3932ca86f3f6e3c770d61d32b45ed3c0')
validpgpkeys=('E2D9E1C5F9F5D59291F4607D95E64373F1529469')
+prepare() {
+ cd "${pkgname}-${pkgver}"
+ patch -p1 -i "$srcdir"/CVE-2016-1572.patch
+}
+
build() {
- cd "$srcdir/${pkgname}-${pkgver}"
+ cd "${pkgname}-${pkgver}"
./configure --prefix=/usr --with-pamdir=/usr/lib/security PYTHON=python2
make
}
package() {
- cd "$srcdir/${pkgname}-${pkgver}"
+ cd "${pkgname}-${pkgver}"
make DESTDIR="$pkgdir/" rootsbindir='/usr/bin' install
chmod +s "$pkgdir/usr/bin/mount.ecryptfs_private"
}
More information about the arch-commits
mailing list