Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
Hi release team, as discuassed with the security team, I'd like to fix #925959 with the next stable pointrelease. The proposed debdiff is attached. Please let me know if its okay to upload. Thanks, Bernd -- Bernd Zeimetz Debian GNU/Linux Developer http://bzed.de http://www.debian.org GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog index 0be9f865..9b8f4cbb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,20 @@ +open-vm-tools (2:10.1.5-5055683-4+deb9u2) stable; urgency=medium + + * [34db05f] /tmp/VMwareDnD permissions security fix. + Fix possible security issue with the permissions of the intermediate + staging directory and path + /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be + a regular directory, but malicious code or user may create the /tmp/VMwareDnD + as a symbolic link which points elsewhere on the system. This may provide + user access to user B's files. + Do not set the permission of the root directory if the root directory + already exists and has the wrong permission. The permission of the directory + must be 1777 if it is created by the VMToolsi. If not, then the directory + has been created or modified by malicious code or user, so just cancel the + host to guest DnD or CnP operation. (Closes: #925959) + + -- Bernd Zeimetz <b...@debian.org> Fri, 05 Apr 2019 23:10:04 +0200 + open-vm-tools (2:10.1.5-5055683-4+deb9u1) stretch; urgency=medium * [dec8df6] Upstream fix for CVE-2015-5191 (Closes: #869633) diff --git a/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch b/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch new file mode 100644 index 00000000..43daed8a --- /dev/null +++ b/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch @@ -0,0 +1,54 @@ +commit e88f91b00a715b79255de6576506d80ecfdb064c +Author: Oliver Kurth <oku...@vmware.com> +Date: Tue Jan 29 14:03:19 2019 -0800 + + Fix possible security issue with the permissions of the intermediate + staging directory and path + + /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be + a regular directory, but malicious code or user may create the /tmp/VMwareDnD + as a symbolic link which points elsewhere on the system. This may provide + user access to user B's files. + + Do not set the permission of the root directory if the root directory + already exists and has the wrong permission. The permission of the directory + must be 1777 if it is created by the VMToolsi. If not, then the directory + has been created or modified by malicious code or user, so just cancel the + host to guest DnD or CnP operation. + +--- a/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c ++++ b/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c +@@ -276,12 +276,11 @@ DnDCreateRootStagingDirectory(void) + } + + if (File_Exists(root)) { +- if (!DnDRootDirUsable(root) && +- !DnDSetPermissionsOnRootDir(root)) { ++ if (!DnDRootDirUsable(root)) { + /* +- * The directory already exists and its permissions are wrong and +- * cannot be set, so there's not much we can do. ++ * The directory already exists and its permissions are wrong. + */ ++ Log("%s: The root dir is not usable.\n", __FUNCTION__); + return NULL; + } + } else { +--- a/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c ++++ b/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c +@@ -318,12 +318,11 @@ CreateApparentRootDirectory(void) + } + + if (File_Exists(root)) { +- if ( !DnDRootDirUsable(root) +- && !DnDSetPermissionsOnRootDir(root)) { ++ if (!DnDRootDirUsable(root)) { + /* +- * The directory already exists and its permissions are wrong and +- * cannot be set, so there's not much we can do. ++ * The directory already exists and its permissions are wrong. + */ ++ Log_Trivia("dnd: The root dir is not usable.\n"); + return NULL; + } + } else { diff --git a/debian/patches/series b/debian/patches/series index 2c8fbff7..58f5849b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,3 +5,4 @@ from_arch/0001-Fix-vmxnet-module-on-kernels-3.16.patch debian/enable_vmhgfs-fuse_by_default debian/vmxnet_fix_kernel_4.7.patch debian/cve-2015-5191.patch +e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch