[CVE-2011-1833] race condition when checking source during mount
Andy Whitcroft
apw at canonical.com
Thu Aug 11 13:37:30 UTC 2011

On Thu, Aug 11, 2011 at 12:39:42AM -0700, John Johansen wrote:
> Fix userspace race in checking source of mount by having the kernel do
> the check at mount time when a flag is specified.
>
> The second patch fixes the parameter type in the already upstream patch.

I see that the 1/2 has hit mainline already so we can clean up the
attribution as we go.

commit 764355487ea220fdc2faf128d577d7f679b91f97
Author: John Johansen <john.johansen at canonical.com>
Date: Fri Jul 22 08:14:15 2011 -0700

    Ecryptfs: Add mount option to check uid of device being mounted = expect uid

    Close a TOCTOU race for mounts done via ecryptfs-mount-private. The mount
    source (device) can be raced when the ownership test is done in userspace.
    Provide Ecryptfs a means to force the uid check at mount time.

    Signed-off-by: John Johansen <john.johansen at canonical.com>
    Cc: <stable at kernel.org>
    Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>

I have some issues with the Maverick backport here. Comments against
that backport. I am also wondering if you are doing a Lucid and Hardy
one or if there is some reason we do not need it; currently the tracker
says they are required.

-apw
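
The kernel-side check described in the quoted commit message cannot be reproduced from userspace, so the following added example (not code from the patch, the mail, or ecryptfs-utils) shows the gap it closes: an ownership test made by path next to one bound to the opened object. The function names and the /tmp paths are constructed for the illustration.

```c
/* Added illustration; not code from the eCryptfs patch or ecryptfs-utils. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy form: the test names the source by path, so its answer can be stale
 * by the time the same path is resolved again for the real operation. */
int owner_ok_by_path(const char *src, uid_t expect)
{
    struct stat st;
    return lstat(src, &st) == 0 && S_ISDIR(st.st_mode) && st.st_uid == expect;
}

/* Descriptor-bound form: open once (no symlinks), test the opened object.
 * Returns an fd pinned to the checked directory, or -1. */
int open_source_checked(const char *src, uid_t expect)
{
    struct stat st;
    int fd = open(src, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != expect) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if path still resolves to the object pinned by fd, else 0. */
int same_object(int fd, const char *path)
{
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat(path, &b) != 0) return 0;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

int main(void)
{
    char base[] = "/tmp/srcchk.XXXXXX", src[64];   /* constructed paths */
    if (!mkdtemp(base)) return 1;
    snprintf(src, sizeof src, "%s/src", base);
    if (mkdir(src, 0700) != 0) return 1;
    int fd = open_source_checked(src, geteuid());
    printf("path check: %d, fd check: %d\n", owner_ok_by_path(src, geteuid()), fd >= 0);
    rmdir(src); mkdir(src, 0700);       /* the path now names a different dir */
    printf("path still the checked object: %d\n", same_object(fd, src));
    return 0;
}
```

A check by path says nothing about what that path names later, which is why the commit moves the uid test into the mount itself.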