tags 625606 security
thanks
Hi,
this bug introduces a new security hole, consider the following example:
# cat /etc/fstab
[...]
/home /mnt none bind 0 0
/home /mnt none bind,remount,ro 0 0
# mount -v -a
[...]
/home on /mnt type none (rw,bind)
/home on /mnt type none (ro,bind)
# mount | grep /mnt
/home on /mnt type none (ro,bind)
# pm-powersave true
# mount | grep /mnt
/home on /mnt type none (rw,bind,commit=600)
Notice how calling pm-powersave changes the mount options from read-only
to read-write. Since I'm actually using something like this on a server
to deliver read-only backups, this bug is quite serious for me. The
actual problem here is that "/usr/lib/pm-utils/power.d/journal-commit"
calls "mount -o remount,commit=600 /mnt" in line 27 which overwrites the
previous mount options:
# mount -v -a
[...]
/home on /mnt type none (rw,bind)
/home on /mnt type none (ro,bind)
# mount | grep /mnt
/home on /mnt type none (ro,bind)
# mount -o remount,commit=600 /mnt/
# mount | grep /mnt
/home on /mnt type none (rw,bind,commit=600)
Since that bug now "makes unrelated software on the system break" AND
"introduces a security hole on systems where you install the package"
can we please raise the severity back to "critical" again?
Best regards
Alexander Kurtz
signature.asc
Description: This is a digitally signed message part
