- fix #236848 - mount/fstab.c:lock_mtab() should open with proper

permissions
2007-08-02 09:22:19 +00:00 · 2007-08-02 09:22:19 +00:00 · ccf8f112a6
parent 7dd321303c
commit ccf8f112a6
2 changed files with 28 additions and 4 deletions
--- a/util-linux-2.12a-mount-lockperm.patch
+++ b/util-linux-2.12a-mount-lockperm.patch
@ -0,0 +1,21 @@
+
+From: Flávio Leitner <fleitner@redhat.com>
+Subject: mount should set proper permissions on locktime
+
+When creating the "/etc/mtab~" lockfile (specifically 'linktargetfile'  in the
+lock_mtab function), the file is created with incorrect permissions ('000')
+which necessitates root to leverage CAP_DAC_OVERRIDE. If proper file modes (it
+would appear 0600 would be sufficient) were used in the open this would
+function properly with CAP_DAC_OVERRIDE revoked.
+
+--- util-linux-2.12a/mount/fstab.c.kzak	2007-07-31 12:13:26.000000000 +0200
+++ util-linux-2.12a/mount/fstab.c	2007-07-31 12:13:11.000000000 +0200
+@@ -433,7 +433,7 @@
+ 	linktargetfile = xmalloc(strlen(MOUNTLOCK_LINKTARGET) + 20);
+ 	sprintf(linktargetfile, MOUNTLOCK_LINKTARGET, getpid ());
+ 
+-	i = open (linktargetfile, O_WRONLY|O_CREAT, 0);
+	i = open (linktargetfile, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR);
+ 	if (i < 0) {
+ 		int errsv = errno;
+ 		/* linktargetfile does not exist (as a file)
--- a/util-linux.spec
+++ b/util-linux.spec
@ -9,7 +9,7 @@
 Summary: A collection of basic system utilities.
 Name: util-linux
 Version: 2.13
-Release: 0.52%{?dist}
+Release: 0.53%{?dist}
 License: distributable
 Group: System Environment/Base

@ -257,10 +257,9 @@ Patch267: util-linux-2.13-ipcs-32bit.patch
 Patch268: util-linux-2.13-mount-loop.patch
 # 213253: "cal -3" generates improperly formatted output
 Patch269: util-linux-2.13-cal-3.patch
+# 236848 - mount/fstab.c:lock_mtab() should open with proper permissions
+Patch270: util-linux-2.12a-mount-lockperm.patch

-# When adding patches, please make sure that it is easy to find out what bug # the 
-# patch fixes.
-########### END upstreamable

 %description
 The util-linux package contains a large variety of low-level system
@ -365,6 +364,7 @@ cp %{SOURCE8} %{SOURCE9} .
 %patch267 -p1
 %patch268 -p1
 %patch269 -p1
+%patch270 -p1

 %build
 unset LINGUAS || :
@ -778,6 +778,9 @@ exit 0
 /sbin/losetup

 %changelog
+* Thu Aug  2  2007 Karel Zak <kzak@redhat.com> 2.13-0.53
+- fix #236848 - mount/fstab.c:lock_mtab() should open with proper permissions
+
 * Mon Jul  9  2007 Karel Zak <kzak@redhat.com> 2.13-0.52
 - fix #245578 - login's PAM configuration inits the keyring at an inconvenient time
 - fix #231532 - "pamconsole" not documented in mount(8)