libfuse: fix exec environment for mount and umount

Found by Tavis Ormandy (CVE-2015-3202).
Miklos Szeredi 2015-05-22 10:58:43 +02:00
parent cfd529c003
commit fe2d962151
2 changed files with 22 additions and 6 deletions


@ -1,3 +1,8 @@
2015-05-22 Miklos Szeredi <miklos@szeredi.hu>
* libfuse: fix exec environment for mount and umount. Found by
Tavis Ormandy (CVE-2015-3202).
2013-03-19 Miklos Szeredi <miklos@szeredi.hu>
* libfuse: fix thread cancel race. Exiting a worker my race with


@ -77,10 +77,12 @@ static int add_mount(const char *progname, const char *fsname,
goto out_restore;
}
if (res == 0) {
char *env = NULL;
sigprocmask(SIG_SETMASK, &oldmask, NULL);
setuid(geteuid());
execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
"-f", "-t", type, "-o", opts, fsname, mnt, NULL);
execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
"-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
progname, strerror(errno));
exit(1);
@ -128,10 +130,17 @@ static int exec_umount(const char *progname, const char *rel_mnt, int lazy)
goto out_restore;
}
if (res == 0) {
char *env = NULL;
sigprocmask(SIG_SETMASK, &oldmask, NULL);
setuid(geteuid());
execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
lazy ? "-l" : NULL, NULL);
if (lazy) {
execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
"-l", NULL, &env);
} else {
execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
NULL, &env);
}
fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
progname, strerror(errno));
exit(1);
@ -187,10 +196,12 @@ static int remove_mount(const char *progname, const char *mnt)
goto out_restore;
}
if (res == 0) {
char *env = NULL;
sigprocmask(SIG_SETMASK, &oldmask, NULL);
setuid(geteuid());
execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
"--fake", mnt, NULL);
execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
"--fake", mnt, NULL, &env);
fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
progname, strerror(errno));
exit(1);
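Review bot: The empty environment handed to `execle` in add_mount, and identically in the exec_umount and remove_mount hunks, has no comment explaining why it is there, so a later edit could revert to `execl` or add a new exec site without it. Above each `char *env = NULL;` I would add `/* exec with an empty environment: after setuid(geteuid()) the helper presumably no longer sees itself as set-id and would trust inherited variables */`. Since the same two lines are repeated three times, a single file-scope empty `envp` with that comment would keep the call sites from drifting apart. Separately, the result of `setuid(geteuid())` on the unchanged line before each exec is still ignored; if that call can fail here, the child should exit instead of executing the helper with mixed ids. All three function bodies start and end outside the hunks shown.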