- fix #320131 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges

properly when calling helpers [F7]
2007-10-08 13:30:28 +00:00 · 2007-10-08 13:30:28 +00:00 · 4c6b28ff2a
parent 030432aac2
commit 4c6b28ff2a
2 changed files with 43 additions and 1 deletions
--- a/util-linux-2.13-mount-setuid.patch
+++ b/util-linux-2.13-mount-setuid.patch
@ -0,0 +1,36 @@
+diff -up util-linux-2.13-pre7/mount/umount.c.kzak util-linux-2.13-pre7/mount/umount.c
+--- util-linux-2.13-pre7/mount/umount.c.kzak	2007-10-08 15:22:38.000000000 +0200
+++ util-linux-2.13-pre7/mount/umount.c	2007-10-08 15:24:01.000000000 +0200
+@@ -102,8 +102,12 @@ check_special_umountprog(const char *spe
+ 				char *umountargs[8];
+ 				int i = 0;
+ 
+-				setuid(getuid());
+-				setgid(getgid());
+				if(setgid(getgid()) < 0)
+					die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno));
+
+				if(setuid(getuid()) < 0)
+					die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno));
+
+ 				umountargs[i++] = umountprog;
+ 				umountargs[i++] = xstrdup(node);
+ 				if (nomtab)
+diff -up util-linux-2.13-pre7/mount/mount.c.kzak util-linux-2.13-pre7/mount/mount.c
+--- util-linux-2.13-pre7/mount/mount.c.kzak	2007-10-08 15:22:38.000000000 +0200
+++ util-linux-2.13-pre7/mount/mount.c	2007-10-08 15:24:01.000000000 +0200
+@@ -600,8 +600,12 @@ check_special_mountprog(const char *spec
+ 		 char *oo, *mountargs[11];
+ 		 int i = 0;
+ 
+-		 setuid(getuid());
+-		 setgid(getgid());
+		 if(setgid(getgid()) < 0)
+			 die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
+
+		 if(setuid(getuid()) < 0)
+			 die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+
+ 		 oo = fix_opts_string (flags, extra_opts, NULL);
+ 		 mountargs[i++] = mountprog;
+ 		 mountargs[i++] = spec;
--- a/util-linux.spec
+++ b/util-linux.spec
@ -9,7 +9,7 @@
 Summary: A collection of basic system utilities.
 Name: util-linux
 Version: 2.13
-Release: 0.54%{?dist}
+Release: 0.55%{?dist}
 License: distributable
 Group: System Environment/Base

@ -264,6 +264,8 @@ Patch271: util-linux-2.13-blockdev-errno.patch
 Patch272: util-linux-2.13-blockdev-unsigned.patch
 # backport MS_RELATIME
 Patch273: util-linux-2.13-mount-relatime.patch
+# 320131 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [F7]
+Patch274: util-linux-2.13-mount-setuid.patch

 %description
 The util-linux package contains a large variety of low-level system
@ -372,6 +374,7 @@ cp %{SOURCE8} %{SOURCE9} .
 %patch271 -p1
 %patch272 -p1
 %patch273 -p1
+%patch274 -p1

 %build
 unset LINGUAS || :
@ -785,6 +788,9 @@ exit 0
 /sbin/losetup

 %changelog
+* Mon Oct  8 2007 Karel Zak <kzak@redhat.com> 2.13-0.55
+- fix #320131 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [F7]
+
 * Wed Aug  8  2007 Karel Zak <kzak@redhat.com> 2.13-0.54
 - backport mount relatime patch