author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-10-18 11:18:52 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-10-18 11:18:52 +0900 |
commit | f31c6cf1859ca6f38908ca5fddd227e8599720e3 (patch) | |
tree | 3ec23d1a803131b13d2cdfafe346736a15c6cf7a /src/utils | |
parent | 5d2ff913bccb1768dbf8eca6b7d4ea66cf679552 (diff) | |
Imported Upstream version 109 (upstream/109)
Diffstat (limited to 'src/utils')
-rw-r--r-- | src/utils/Makefile.in | 37 | ||||
-rw-r--r-- | src/utils/mount.ecryptfs.c | 2 | ||||
-rw-r--r-- | src/utils/mount.ecryptfs_private.c | 64 |
3 files changed, 90 insertions, 13 deletions
diff --git a/src/utils/Makefile.in b/src/utils/Makefile.in index ca66222..951059c 100644 --- a/src/utils/Makefile.in +++ b/src/utils/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -93,17 +103,16 @@ noinst_PROGRAMS = test$(EXEEXT) @ENABLE_TESTS_TRUE@TESTS = test$(EXEEXT) @BUILD_TSPI_TRUE@am__append_1 = ecryptfs-generate-tpm-key subdir = src/utils -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(top_srcdir)/test-driver ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_pkg_swig.m4 \ $(top_srcdir)/m4/ac_python_devel.m4 \ - $(top_srcdir)/m4/intltool.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -480,6 +489,8 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log) TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ $(TEST_LOG_FLAGS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \ + $(top_srcdir)/test-driver DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ @@ -671,6 +682,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ rootsbindir = @rootsbindir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ 
@@ -737,10 +749,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/utils/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/utils/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign src/utils/Makefile -.PRECIOUS: Makefile + $(AUTOMAKE) --gnu src/utils/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1209,7 +1220,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS) if test -n "$$am__remaking_logs"; then \ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ "recursion detected" >&2; \ - else \ + elif test -n "$$redo_logs"; then \ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ fi; \ if $(am__make_dryrun); then :; else \ @@ -1507,6 +1518,8 @@ uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \ uninstall-binPROGRAMS uninstall-binSCRIPTS \ uninstall-rootsbinPROGRAMS +.PRECIOUS: Makefile + install-exec-hook: install-rootsbinPROGRAMS -rm -f "$(DESTDIR)/$(rootsbindir)/umount.ecryptfs_private" diff --git a/src/utils/mount.ecryptfs.c b/src/utils/mount.ecryptfs.c index ab3d85c..451ffe3 100644 --- a/src/utils/mount.ecryptfs.c +++ b/src/utils/mount.ecryptfs.c @@ -24,7 +24,6 @@ #include <errno.h> #include <fcntl.h> #include <getopt.h> -#include <keyutils.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -34,6 +33,7 @@ #include <sys/stat.h> #include <sys/types.h> #include <sys/wait.h> +#include <keyutils.h> #include "ecryptfs.h" #include "decision_graph.h" #include "io.h" diff --git a/src/utils/mount.ecryptfs_private.c b/src/utils/mount.ecryptfs_private.c index 1684a51..1a63d1d 100644 --- a/src/utils/mount.ecryptfs_private.c +++ b/src/utils/mount.ecryptfs_private.c @@ -30,6 +30,8 @@ #include <sys/param.h> #include <sys/stat.h> #include <sys/types.h> +#include <sys/vfs.h> +#include <fcntl.h> #include <ctype.h> #include <errno.h> #include <keyutils.h> 
@@ -220,6 +222,64 @@ err: return NULL; } +static int check_cwd_f_type() +{ + /** + * This is *not* a list of compatible lower filesystems list for + * eCryptfs. This is a list of filesystems that we reasonably expect to + * see mount.ecryptfs_private users mounting on top of. In other words, + * the filesystem type of the 'target' parameter of mount(2). + * + * This whitelist is to prevent malicious mount.ecryptfs_private users + * from mounting over filesystem types such as PROC_SUPER_MAGIC to + * deceive other programs with a crafted /proc/self/*. See + * https://launchpad.net/bugs/1530566 for more details. + */ + __SWORD_TYPE f_type_whitelist[] = { + 0x61756673 /* AUFS_SUPER_MAGIC */, + 0x9123683E /* BTRFS_SUPER_MAGIC */, + 0x00C36400 /* CEPH_SUPER_MAGIC */, + 0xFF534D42 /* CIFS_MAGIC_NUMBER */, + 0x0000F15F /* ECRYPTFS_SUPER_MAGIC */, + 0x0000EF53 /* EXT[234]_SUPER_MAGIC */, + 0xF2F52010 /* F2FS_SUPER_MAGIC */, + 0x65735546 /* FUSE_SUPER_MAGIC */, + 0x01161970 /* GFS2_MAGIC */, + 0x3153464A /* JFS_SUPER_MAGIC */, + 0x000072B6 /* JFFS2_SUPER_MAGIC */, + 0x0000564C /* NCP_SUPER_MAGIC */, + 0x00006969 /* NFS_SUPER_MAGIC */, + 0x00003434 /* NILFS_SUPER_MAGIC */, + 0x5346544E /* NTFS_SB_MAGIC */, + 0x794C7630 /* OVERLAYFS_SUPER_MAGIC */, + 0x52654973 /* REISERFS_SUPER_MAGIC */, + 0x73717368 /* SQUASHFS_MAGIC */, + 0x01021994 /* TMPFS_MAGIC */, + 0x24051905 /* UBIFS_SUPER_MAGIC */, + 0x58465342 /* XFS_SB_MAGIC */, + 0x2FC12FC1 /* ZFS_SUPER_MAGIC */, + }; + struct statfs buf; + size_t i, whitelist_len; + + if (statfs(".", &buf) != 0) { + fprintf(stderr, "Failed to check filesystem type: %m\n"); + return 1; + } + + whitelist_len = sizeof(f_type_whitelist) / sizeof(*f_type_whitelist); + for (i = 0; i < whitelist_len; i++) { + if (buf.f_type == f_type_whitelist[i]) { + return 0; + } + } + + fprintf(stderr, + "Refusing to mount over an unapproved filesystem type: %#lx\n", + buf.f_type); + return 1; +} + int check_ownership_mnt(uid_t uid, char **mnt) { /* Check ownership 
of mount point, chdir into it, and * canonicalize the path for use in mtab updating. @@ -682,6 +742,10 @@ int main(int argc, char *argv[]) { goto fail; } + if (check_cwd_f_type() != 0) { + goto fail; + } + if (mounting == 1) { /* Increment mount counter, errors non-fatal */ if (increment(fh_counter) < 0) { |
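Review bot: In `check_cwd_f_type` the allowlist is declared as `__SWORD_TYPE`, a glibc-internal type name, and several entries (for example `0x9123683E`, `0xFF534D42`, `0xF2F52010`) do not fit a signed 32-bit value, so wherever `f_type` is a 32-bit signed field the match depends on an implementation-defined conversion. `buf.f_type` is also passed to `%#lx` without a cast, which is a format/argument mismatch wherever the field is not `long`. Every listed magic is a 32-bit value, so with `<stdint.h>` included I would declare the table as `static const uint32_t f_type_whitelist[]`, compare with `if ((uint32_t)buf.f_type == f_type_whitelist[i])`, and print `(unsigned long)buf.f_type`. The empty parameter list should also be written `(void)`.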
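Review bot: The new call in `main` has no comment stating what it relies on: `check_cwd_f_type()` inspects `.`, so it is only meaningful once the process has changed into the mount target, which presumably happens in `check_ownership_mnt` (its comment in the previous hunk mentions a chdir); that ordering, and the start and end of `main`, are outside this hunk. I would add `/* cwd is the mount target here; refuse filesystem types outside the allowlist (runs for both mount and unmount) */` above the `if`, since the call sits before `if (mounting == 1)` and therefore also gates the unmount path. If the later mount(2) call names the target by path rather than by the cwd, the filesystem that was checked and the one mounted over could differ, so it is worth confirming that the mount uses the cwd.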