[Applied Oneiric] Re: [PATCH 2/2] [oneiric CVE 2/2] Change check_ruid flag to a more reasonable type

Leann Ogasawara leann.ogasawara at canonical.com
Thu Aug 11 17:42:57 UTC 2011 

On Thu, 2011-08-11 at 11:28 -0600, Tim Gardner wrote:
> I don't think this one is strictly necessary since it doesn't change 
> code behavior, and needlessly diverges from upstream. A uid_t is an 
> 'unsigned int' which is as good as a boolean in this case.

John, before I go yanking this from Oneiric master-next, what's the
status of this patch landing upstream?  I'd assumed since it was
associated with the CVE, that is was making it's way up and likely to
hit stable (ie, we'd be able to drop it in favor of the upstream patch
later).  As Tim has pointed out, minimal divergence from upstream is 
 the ideal scenario.

Thanks,
Leann

> On 08/11/2011 08:11 AM, Leann Ogasawara wrote:
> > Applied to Oneiric master-next and updated commit to note "UBUNTU:
> > SAUCE:" for now.
> >
> > Thanks,
> > Leann
> >
> > On Thu, 2011-08-11 at 00:39 -0700, John Johansen wrote:
> >> The first interation of the patch for the check ruid flag at mount time
> >> flag returned a full uid.  However the revised patch used the check_ruid
> >> parameter solely as a boolean flag, but missed fixing the parameters type.
> >>
> >> Change the parameter type to int instead of uid_t.
> >>
> >> CVE-2011-1833
> >> BugLink: http://bugs.launchpad.net/bugs/732628
> >>
> >> Signed-off-by: John Johansen<john.johansen at canonical.com>
> >> ---
> >>   fs/ecryptfs/main.c |    5 ++---
> >>   1 files changed, 2 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> >> index 703cda3..27df5b5 100644
> >> --- a/fs/ecryptfs/main.c
> >> +++ b/fs/ecryptfs/main.c
> >> @@ -255,7 +255,7 @@ static void ecryptfs_init_mount_crypt_stat(
> >>    * Returns zero on success; non-zero on error
> >>    */
> >>   static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
> >> -				  uid_t *check_ruid)
> >> +				  int *check_ruid)
> >>   {
> >>   	char *p;
> >>   	int rc = 0;
> >> @@ -484,8 +484,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
> >>   	const char *err = "Getting sb failed";
> >>   	struct inode *inode;
> >>   	struct path path;
> >> -	uid_t check_ruid;
> >> -	int rc;
> >> +	int rc, check_ruid;
> >>
> >>   	sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
> >>   	if (!sbi) {
> >> --
> >> 1.7.5.4
> >>
> >>
> >
> >
> >
> 
>

More information about the kernel-team mailing list