** Also affects: ecryptfs-utils (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: linux-source-2.6.15 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Changed in: linux-ec2 (Ubuntu Oneiric)
Status: New => Invalid
** Changed in: linux-ec2 (Ubuntu Hardy)
Status: New => Invalid
** Changed in: linux-ec2 (Ubuntu Maverick)
Status: New => Invalid
** Changed in: linux-ec2 (Ubuntu Natty)
Status: New => Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Oneiric)
Status: New => Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Hardy)
Status: New => Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Maverick)
Status: New => Invalid
** Changed in: linux-lts-backport-natty (Ubuntu Natty)
Status: New => Invalid
** Changed in: linux-mvl-dove (Ubuntu Oneiric)
Status: New => Invalid
** Changed in: linux-mvl-dove (Ubuntu Hardy)
Status: New => Invalid
** Changed in: linux-mvl-dove (Ubuntu Natty)
Status: New => Invalid
** Changed in: linux-lts-backport-maverick (Ubuntu Oneiric)
Status: New => Invalid
** Changed in: linux-lts-backport-maverick (Ubuntu Hardy)
Status: New => Invalid
** Changed in: linux-lts-backport-maverick (Ubuntu Maverick)
Status: New => Invalid
** Changed in: linux-lts-backport-maverick (Ubuntu Natty)
Status: New => Invalid
** Changed in: linux-ti-omap4 (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-ti-omap4 (Ubuntu Hardy)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Oneiric)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Hardy)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Maverick)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Natty)
Status: New => Invalid
** Description changed:
check_ownerships() function doesn't work as it should because of a race
- condition. Arguments of both mount() and umount() calls can be changed
- between the check and the usage. This may lead to arbitrary mount point
+ condition. Arguments of both mount() and umount() calls can be changed
+ between the check and the usage. This may lead to arbitrary mount point
umounting or probably to gaining ability to try passphrases of
- otherpeople's ecryptfs storages.
+ otherpeople's ecryptfs storages. lock_counter() is also racy. It (1)
+ tries to check existance and ownership of the file before open(), (2)
+ neither use stat() instead of lstat() nor O_NOFOLLOW, (3) is not
+ protected against deletion of the lock file by the owner. The lock file
+ should be probably created in root only writable directory before
+ dropping EUID.
- lock_counter() is also racy. It (1) tries to check existance and
- ownership of the file before open(), (2) neither use stat() instead of
- lstat() nor O_NOFOLLOW, (3) is not protected against deletion of the
- lock file by the owner. The lock file should be probably created in root
- only writable directory before dropping EUID.
+ Introduced-by: 237fead619984cc48818fe12ee0ceada3f55b012
+ Fixed-by: 764355487ea220fdc2faf128d577d7f679b91f97
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/732628
Title:
TOCTOU in mount.ecryptfs_private
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/732628/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
