ecryptfs team mailing list archive

[Bug 732628] Re: TOCTOU in mount.ecryptfs_private

 

This bug was fixed in the package linux - 2.6.32-35.78

---------------
linux (2.6.32-35.78) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #871899

  [ Andrew Dickinson ]

  * SAUCE: sched: Prevent divide by zero when cpu_power is 0
    - LP: #614853

  [ Stefan Bader ]

  * [Config] Force perf to use libiberty for demangling
    - LP: #783660

  [ Tim Gardner ]

  * [Config] Simplify binary-udebs dependencies
    - LP: #832352
  * [Config] kernel preparation cannot be parallelized
    - LP: #832352
  * [Config] Linearize module/abi checks
    - LP: #832352
  * [Config] Linearize and simplify tree preparation rules
    - LP: #832352
  * [Config] Build kernel image in parallel with modules
    - LP: #832352
  * [Config] Set concurrency for kmake invocations
    - LP: #832352
  * [Config] Improve install-arch-headers speed
    - LP: #832352
  * [Config] Fix binary-perarch dependencies
    - LP: #832352
  * [Config] Removed stamp-flavours target
    - LP: #832352
  * [Config] Serialize binary indep targets
    - LP: #832352
  * [Config] Use build stamp directly
    - LP: #832352
  * [Config] Restore prepare-% target
    - LP: #832352
  * [Config] Fix binary-% build target
  * [Config] Fix install-headers target
    - LP: #832352
  * SAUCE: igb: Protect stats update
    - LP: #829566
  * SAUCE: rtl8192se spams log
    - LP: #859702

  [ Upstream Kernel Changes ]

  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * crypto: Move md5_transform to lib/md5.c
    - LP: #827462
  * net: Compute protocol sequence numbers and fragment IDs using MD5.
    - LP: #827462
  * ALSA: timer - Fix Oops at closing slave timer
    - LP: #827462
  * ALSA: snd-usb-caiaq: Fix keymap for RigKontrol3
    - LP: #827462
  * powerpc: Fix device tree claim code
    - LP: #827462
  * powerpc: pseries: Fix kexec on machines with more than 4TB of RAM
    - LP: #827462
  * Linux 2.6.32.45+drm33.19
    - LP: #827462
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * tunnels: fix netns vs proto registration ordering
    - LP: #823296
  * Fix broken backport for IPv6 tunnels in 2.6.32-longterm kernels.
  * USB: xhci: fix OS want to own HC
    - LP: #837669
  * USB: assign instead of equal in usbtmc.c
    - LP: #837669
  * USB: usb-storage: unusual_devs entry for ARM V2M motherboard.
    - LP: #837669
  * USB: Serial: Added device ID for Qualcomm Modem in Sagemcom's HiLo3G
    - LP: #837669
  * atm: br2864: sent packets truncated in VC routed mode
    - LP: #837669
  * hwmon: (ibmaem) add missing kfree
    - LP: #837669
  * ALSA: snd-usb-caiaq: Correct offset fields of outbound iso_frame_desc
    - LP: #837669
  * mm: fix wrong vmap address calculations with odd NR_CPUS values
    - LP: #837669
  * perf tools: do not look at ./config for configuration
    - LP: #837669
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #837669
  * befs: Validate length of long symbolic links.
    - LP: #837669
  * ALSA: snd_usb_caiaq: track submitted output urbs
    - LP: #837669
  * ALSA: ac97: Add HP Compaq dc5100 SFF(PT003AW) to Headphone Jack Sense
    whitelist
    - LP: #826081, #837669
  * futex: Fix regression with read only mappings
    - LP: #837669
  * x86-32, vdso: On system call restart after SYSENTER, use int $0x80
    - LP: #837669
  * x86, UV: Remove UV delay in starting slave cpus
    - LP: #837669
  * drm/ttm: fix ttm_bo_add_ttm(user) failure path
    - LP: #837669
  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
    - LP: #837669
  * igb: Fix lack of flush after register write and before delay
    - LP: #837669
  * Linux 2.6.32.46
    - LP: #837669
  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576
    - LP: #844361
    - CVE-2011-1576
  * ext4: Fix max file size and logical block counting of extent format
    file, CVE-2011-2695
    - LP: #819574
    - CVE-2011-2695
  * drm/i915: prepare for fair lru eviction
    - LP: #843904
  * drm/i915: Move the eviction logic to its own file.
    - LP: #843904
  * drm/i915: Implement fair lru eviction across both rings. (v2)
    - LP: #843904
  * drm/i915: Maintain LRU order of inactive objects upon access by CPU
    (v2)
    - LP: #843904
  * drm/i915/evict: Ensure we completely cleanup on failure
    - LP: #843904
  * drm/i915: Periodically flush the active lists and requests
    - LP: #843904
  * Make TASKSTATS require root access, CVE-2011-2494
    - LP: #866021
    - CVE-2011-2494
  * proc: fix a race in do_io_accounting(), CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * drm/i915: Remove BUG_ON from i915_gem_evict_something
    - LP: #828550
  * drm/i915: Hold a reference to the object whilst unbinding the eviction
    list
    - LP: #843904
  * drm/i915: Fix refleak during eviction.
    - LP: #843904
  * Linux 2.6.32.46+drm33.20
 -- Herton Ronaldo Krzesinski <herton.krzesinski@xxxxxxxxxxxxx>   Mon, 10 Oct 2011 14:12:26 -0300

** Changed in: linux (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of eCryptfs,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/732628

Title:
  TOCTOU in mount.ecryptfs_private

Status in eCryptfs - Enterprise Cryptographic Filesystem:
  Fix Released
Status in “ecryptfs-utils” package in Ubuntu:
  Fix Released
Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-linaro” package in Ubuntu:
  New
Status in “linux-lts-backport-maverick” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-natty” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-oneiric” package in Ubuntu:
  New
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-qcm-msm” package in Ubuntu:
  Invalid
Status in “linux-source-2.6.15” package in Ubuntu:
  Invalid
Status in “linux-ti-omap” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Fix Committed
Status in “ecryptfs-utils” source package in Lucid:
  Fix Released
Status in “linux” source package in Lucid:
  Fix Released
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Fix Released
Status in “linux-linaro” source package in Lucid:
  New
Status in “linux-lts-backport-maverick” source package in Lucid:
  Fix Released
Status in “linux-lts-backport-natty” source package in Lucid:
  Fix Released
Status in “linux-lts-backport-oneiric” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Fix Released
Status in “linux-qcm-msm” source package in Lucid:
  Invalid
Status in “linux-source-2.6.15” source package in Lucid:
  Invalid
Status in “linux-ti-omap” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “ecryptfs-utils” source package in Maverick:
  Fix Released
Status in “linux” source package in Maverick:
  Fix Released
Status in “linux-ec2” source package in Maverick:
  Invalid
Status in “linux-fsl-imx51” source package in Maverick:
  Invalid
Status in “linux-linaro” source package in Maverick:
  New
Status in “linux-lts-backport-maverick” source package in Maverick:
  Invalid
Status in “linux-lts-backport-natty” source package in Maverick:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Maverick:
  Invalid
Status in “linux-mvl-dove” source package in Maverick:
  Fix Released
Status in “linux-qcm-msm” source package in Maverick:
  Invalid
Status in “linux-source-2.6.15” source package in Maverick:
  Invalid
Status in “linux-ti-omap” source package in Maverick:
  Invalid
Status in “linux-ti-omap4” source package in Maverick:
  Fix Released
Status in “ecryptfs-utils” source package in Natty:
  Fix Released
Status in “linux” source package in Natty:
  Fix Released
Status in “linux-ec2” source package in Natty:
  Invalid
Status in “linux-fsl-imx51” source package in Natty:
  Invalid
Status in “linux-linaro” source package in Natty:
  New
Status in “linux-lts-backport-maverick” source package in Natty:
  Invalid
Status in “linux-lts-backport-natty” source package in Natty:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Natty:
  Invalid
Status in “linux-mvl-dove” source package in Natty:
  Invalid
Status in “linux-qcm-msm” source package in Natty:
  Invalid
Status in “linux-source-2.6.15” source package in Natty:
  Invalid
Status in “linux-ti-omap” source package in Natty:
  Invalid
Status in “linux-ti-omap4” source package in Natty:
  Fix Released
Status in “ecryptfs-utils” source package in Oneiric:
  Fix Released
Status in “linux” source package in Oneiric:
  Fix Released
Status in “linux-ec2” source package in Oneiric:
  Invalid
Status in “linux-fsl-imx51” source package in Oneiric:
  Invalid
Status in “linux-linaro” source package in Oneiric:
  New
Status in “linux-lts-backport-maverick” source package in Oneiric:
  Invalid
Status in “linux-lts-backport-natty” source package in Oneiric:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Oneiric:
  Invalid
Status in “linux-mvl-dove” source package in Oneiric:
  Invalid
Status in “linux-qcm-msm” source package in Oneiric:
  Invalid
Status in “linux-source-2.6.15” source package in Oneiric:
  Invalid
Status in “linux-ti-omap” source package in Oneiric:
  Invalid
Status in “linux-ti-omap4” source package in Oneiric:
  Fix Committed
Status in “ecryptfs-utils” source package in Hardy:
  Invalid
Status in “linux” source package in Hardy:
  Invalid
Status in “linux-ec2” source package in Hardy:
  Invalid
Status in “linux-fsl-imx51” source package in Hardy:
  Invalid
Status in “linux-linaro” source package in Hardy:
  New
Status in “linux-lts-backport-maverick” source package in Hardy:
  Invalid
Status in “linux-lts-backport-natty” source package in Hardy:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Hardy:
  Invalid
Status in “linux-mvl-dove” source package in Hardy:
  Invalid
Status in “linux-qcm-msm” source package in Hardy:
  Invalid
Status in “linux-source-2.6.15” source package in Hardy:
  Invalid
Status in “linux-ti-omap” source package in Hardy:
  Invalid
Status in “linux-ti-omap4” source package in Hardy:
  Invalid
Status in “ecryptfs-utils” package in Debian:
  Fix Released
Status in Fedora:
  Fix Released

Bug description:
  check_ownerships() function doesn't work as it should because of a
  race condition. Arguments of both mount() and umount() calls can be
  changed between the check and the usage. This may lead to arbitrary
  mount point umounting or probably to gaining ability to try
  passphrases of other people's ecryptfs storages. lock_counter() is also
  racy. It (1) tries to check existence and ownership of the file before
  open(), (2) neither use stat() instead of lstat() nor O_NOFOLLOW, (3)
  is not protected against deletion of the lock file by the owner. The
  lock file should be probably created in root only writable directory
  before dropping EUID.

  Break-Fix: 237fead619984cc48818fe12ee0ceada3f55b012
  764355487ea220fdc2faf128d577d7f679b91f97

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/732628/+subscriptions

