Blame ecryptfs-utils-90-CVE-2011-3145.patch

25e938
diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.CVE-2011-3145 ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c
25e938
--- ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.CVE-2011-3145	2011-08-31 12:08:26.479493949 +0200
25e938
+++ ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c	2011-08-31 12:10:09.014666213 +0200
25e938
@@ -274,12 +274,14 @@ int update_mtab(char *dev, char *mnt, ch
25e938
 	int fd;
25e938
 	FILE *old_mtab, *new_mtab;
25e938
 	struct mntent *old_ent, new_ent;
25e938
+	mode_t old_umask;
25e938
 
25e938
 	/* Make an attempt to play nice with other mount helpers
25e938
 	 * by creating an /etc/mtab~ lock file. Of course this
25e938
 	 * only works if those other helpers actually check for
25e938
 	 * this.
25e938
 	 */
25e938
+	old_umask = umask(033);
25e938
 	fd = open("/etc/mtab~", O_RDONLY | O_CREAT | O_EXCL, 0644);
25e938
 	if (fd < 0) {
25e938
 		perror("open");
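Review bot: `old_umask = umask(033);` changes the process-wide umask before the `open()` of `/etc/mtab~`, so every exit from update_mtab must restore it. The `if (fd < 0)` branch continues outside this hunk; if it returns directly instead of jumping to a fail label, the caller is left with umask 033, so add `umask(old_umask);` there. The success path and `fail_early` do restore it in the two later update_mtab hunks. The new line also deserves a comment, e.g. `/* keep group/other write bits off the lock file and the rewritten mtab regardless of the inherited umask */`.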
25e938
@@ -332,6 +334,8 @@ int update_mtab(char *dev, char *mnt, ch
25e938
 
25e938
 	unlink("/etc/mtab~");
25e938
 
25e938
+	umask(old_umask);
25e938
+
25e938
 	return 0;
25e938
 
25e938
 fail:
25e938
@@ -341,6 +345,7 @@ fail_late:
25e938
 fail_early:
25e938
 	endmntent(old_mtab);
25e938
 	unlink("/etc/mtab~");
25e938
+	umask(old_umask);
25e938
 	return 1;
25e938
 }
25e938
 
25e938
@@ -476,7 +481,7 @@ int zero(FILE *fh) {
25e938
  *  c) updating /etc/mtab
25e938
  */
25e938
 int main(int argc, char *argv[]) {
25e938
-	int uid, mounting;
25e938
+	int uid, gid, mounting;
25e938
 	int force = 0;
25e938
 	struct passwd *pwd;
25e938
 	char *alias, *src, *dest, *opt, *opts2;
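Review bot: `gid` is declared as `int`, but the next hunk assigns it from `getgid()`, which returns `gid_t`, and later passes it to `setregid()`. Declaring it as `gid_t gid;` keeps the type consistent with the calls and avoids a signed/unsigned conversion for large group ids. `uid` has the same pre-existing issue and could become `uid_t` at the same time. The body of main continues outside this hunk.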
25e938
@@ -491,6 +496,7 @@ int main(int argc, char *argv[]) {
25e938
 	}
25e938
 	
25e938
 	uid = getuid();
25e938
+	gid = getgid();
25e938
 	/* Non-privileged effective uid is sufficient for all but the code
25e938
  	 * that mounts, unmounts, and updates /etc/mtab.
25e938
 	 * Run at a lower privilege until we need it.
25e938
@@ -618,7 +624,14 @@ int main(int argc, char *argv[]) {
25e938
 		 * the real uid to be that of the user.
25e938
 		 * And we need the effective uid to be root in order to mount.
25e938
 		 */
25e938
-		setreuid(-1, 0);
25e938
+		if (setreuid(-1, 0) < 0) {
25e938
+			perror("setreuid");
25e938
+			goto fail;
25e938
+		}
25e938
+		if (setregid(-1, 0) < 0) {
25e938
+			perror("setregid");
25e938
+			goto fail;
25e938
+		}
25e938
  		/* Perform mount */
25e938
 		if (mount(src, ".", FSTYPE, 0, opt) == 0) {
25e938
 			if (update_mtab(src, dest, opt) != 0) {
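Review bot: The comment above the new `setreuid`/`setregid` calls still explains only the uid requirement, so the reason for also raising the effective gid is undocumented. Judging by the umask change in update_mtab, the intent appears to be that the rewritten /etc/mtab is not created with the caller's group. I would add `/* The effective gid must be root as well, so files created while updating /etc/mtab are not group-owned by the caller. */`. Also note that when `setregid(-1, 0)` fails, `goto fail` runs with the effective uid already root. The `fail` label is outside this hunk, so confirm it does nothing privileged before exiting.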
25e938
@@ -630,6 +643,9 @@ int main(int argc, char *argv[]) {
25e938
 			if (setreuid(uid, uid) < 0) {
25e938
 				perror("setreuid");
25e938
 			}
25e938
+			if (setregid(gid, gid) < 0) {
25e938
+				perror("setregid");
25e938
+			}
25e938
 			goto fail;
25e938
 		}
25e938
 	} else {
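Review bot: On this error path the new `setregid(gid, gid)` runs after `setreuid(uid, uid)` has already given up root. The usual order for permanently dropping privileges is group first, then user (CERT POS36-C). It works here only because the real gid was never changed, so the unprivileged call is still permitted. Moving the `if (setregid(gid, gid) < 0) { perror("setregid"); }` block above the `setreuid(uid, uid)` check makes the drop independent of that detail.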
25e938
@@ -665,6 +681,7 @@ int main(int argc, char *argv[]) {
25e938
 		 * Do not use the umount.ecryptfs helper (-i).
25e938
  		 */
25e938
 		setresuid(0,0,0);
25e938
+		setresgid(0,0,0);
25e938
 
25e938
 		/* Since we're doing a lazy unmount anyway, just unmount the current
25e938
 		 * directory. This avoids a lot of complexity in dealing with race
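Review bot: The added `setresgid(0,0,0);` ignores its return value, like the `setresuid(0,0,0);` above it, whereas the mount path in this same patch checks both calls and bails out. If the call fails, the unmount and the /etc/mtab update that presumably follows would run with the caller's group, which is the condition this patch is closing. Check it the same way as on the mount path, e.g. `if (setresgid(0,0,0) < 0) { perror("setresgid"); goto fail; }`, and do likewise for `setresuid`. The rest of this branch is outside the hunk.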