** Also affects: ecryptfs-utils (Ubuntu Hardy) Importance: Undecided Status: New
** Also affects: linux-source-2.6.15 (Ubuntu Hardy) Importance: Undecided Status: New ** Changed in: linux-ec2 (Ubuntu Oneiric) Status: New => Invalid ** Changed in: linux-ec2 (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-ec2 (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-ec2 (Ubuntu Natty) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Oneiric) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Natty) Status: New => Invalid ** Changed in: linux-mvl-dove (Ubuntu Oneiric) Status: New => Invalid ** Changed in: linux-mvl-dove (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-mvl-dove (Ubuntu Natty) Status: New => Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Oneiric) Status: New => Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Natty) Status: New => Invalid ** Changed in: linux-ti-omap4 (Ubuntu Lucid) Status: New => Invalid ** Changed in: linux-ti-omap4 (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-fsl-imx51 (Ubuntu Oneiric) Status: New => Invalid ** Changed in: linux-fsl-imx51 (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-fsl-imx51 (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-fsl-imx51 (Ubuntu Natty) Status: New => Invalid ** Description changed: check_ownerships() function doesn't work as it should because of a race - condition. Arguments of both mount() and umount() calls can be changed - between the check and the usage. This may lead to arbitrary mount point + condition. Arguments of both mount() and umount() calls can be changed + between the check and the usage. This may lead to arbitrary mount point umounting or probably to gaining ability to try passphrases of - otherpeople's ecryptfs storages. + otherpeople's ecryptfs storages. lock_counter() is also racy. It (1) + tries to check existance and ownership of the file before open(), (2) + neither use stat() instead of lstat() nor O_NOFOLLOW, (3) is not + protected against deletion of the lock file by the owner. The lock file + should be probably created in root only writable directory before + dropping EUID. - lock_counter() is also racy. It (1) tries to check existance and - ownership of the file before open(), (2) neither use stat() instead of - lstat() nor O_NOFOLLOW, (3) is not protected against deletion of the - lock file by the owner. The lock file should be probably created in root - only writable directory before dropping EUID. + Introduced-by: 237fead619984cc48818fe12ee0ceada3f55b012 + Fixed-by: 764355487ea220fdc2faf128d577d7f679b91f97 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/732628 Title: TOCTOU in mount.ecryptfs_private To manage notifications about this bug go to: https://bugs.launchpad.net/ecryptfs/+bug/732628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs