| Summary: | <sys-fs/udisks-1.0.2-r1: arbitrary kernel module load | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | nikoli |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugs.freedesktop.org/show_bug.cgi?id=32232 | | |
| Whiteboard: | B1 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Paweł Hajdan, Jr. (RETIRED)
2011-01-31 20:49:54 UTC
Rerating B1 as I believe this allows a non-admin local user to load a kernel module.

1.0.2-r1 has the upstream patch now, can be stabilized as long as people test mounting with it instead of just compile testing.

specifically, check `cat /proc/filesystems`, those should be mountable and others not

(In reply to comment #3)
> 1.0.2-r1 has the upstream patch now, can be stabilized as long as people test
> mounting with it instead of just compile testing.
>
> specifically, check `cat /proc/filesystems`, those should be mountable and
> others not

Great, thank you.

Arches, please test and mark stable, *noting* the instructions above:
=sys-fs/udisks-1.0.2-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

Stable for HPPA.

amd64 stable

x86 stable

With sys-fs/udisks-1.0.2-r1 installed I can no longer mount my ntfs USB drive in KDE. I believe it's related to this patch.

org.freedesktop.UDisks.Error.Failed: Requested filesystem type is neither well-known nor in /proc/filesystems nor in /etc/filesystems

There is no ntfs in my /proc/filesystems.

(In reply to comment #8)
> With sys-fs/udisks-1.0.2-r1 installed I can no longer mount my ntfs USB drive
> in KDE. I believe it's related to this patch.
>
> org.freedesktop.UDisks.Error.Failed: Requested filesystem type is neither
> well-known nor in /proc/filesystems nor in /etc/filesystems
>
> There is no ntfs in my /proc/filesystems.

If using ntfs-3g, ntfs3g, whatever..., I suppose you have to add it to the list of allowed file systems by hand in /etc/filesystems now.

Yeah, it works. But I think I shouldn't have to do it. I mean, it's not some low-level system stuff, people running a modern desktop environment shouldn't have to poke around config files to make things like this work.

How about just adding "ntfs-3g" to well_known_filesystems?

Tested on SPARC, by attempting to mount a VFAT device. It correctly reports not authorised. Could stabilise.

(In reply to comment #10)
> Yeah, it works. But I think I shouldn't have to do it. I mean, it's not some
> low-level system stuff, people running a modern desktop environment shouldn't
> have to poke around config files to make things like this work.
>
> How about just adding "ntfs-3g" to well_known_filesystems?

I can't really decide where this belongs, but I'm trying to push it first to the UDisks upstream here:

http://bugs.freedesktop.org/show_bug.cgi?id=36361

If they refuse it, I guess we have to reconsider adding it to the /etc/filesystems file, owned by baselayout package. I don't really like that either... sigh...

And let this be the end of this discussion at this bug, it's really offtopic here. CC yourself on the upstream bug if you want to follow progress.

alpha/arm/ia64/sh/sparc stable

ppc/ppc64 stable, last arch done

Thanks, folks. GLSA request filed.

Samuli,

*udisks-1.0.2-r3 (09 May 2011)

09 May 2011; Samuli Suominen <ssuominen@gentoo.org> +udisks-1.0.2-r3.ebuild,
+files/udisks-1.0.2-missing_comma.patch:
Add missing comma in fs whitelist to replace the -ntfs-3g.patch.

This commit broke ntfs-3g support again.

(In reply to comment #16)
> Samuli,
>
> *udisks-1.0.2-r3 (09 May 2011)
>
> 09 May 2011; Samuli Suominen <ssuominen@gentoo.org> +udisks-1.0.2-r3.ebuild,
> +files/udisks-1.0.2-missing_comma.patch:
> Add missing comma in fs whitelist to replace the -ntfs-3g.patch.
>
> This commit broke ntfs-3g support again.

Sorry about that, I haven't had time to do a ntfs filesystem and play with it.

Reopened http://bugs.freedesktop.org/show_bug.cgi?id=36361 for this, and would like to commit a fix to Portage but I'm currently without CVS access so it might be a good idea to open a new bug, otherwise this might go lost.

Removing freedesktop-bugs@ from CC list as this bug is done.

Users have already been advised to update in GLSA 201405-01. Closing noglsa.
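
The rule stated by the error message quoted in this thread (a requested type must be well-known, or listed in /proc/filesystems, or listed in /etc/filesystems) can be reproduced offline to predict what a patched udisks should accept during stabilisation testing. This is an added Python example, not udisks source code and not from any participant in the bug. The `WELL_KNOWN` contents, the function names and the sample file texts are constructed, and the /etc/filesystems parsing is assumed to follow mount(8) conventions.

```python
# Added illustration of the allow-list rule; not udisks source code.
WELL_KNOWN = frozenset({"ext4", "vfat", "iso9660"})  # constructed stand-in list


def listed_types(text):
    """Type names from /proc/filesystems or /etc/filesystems content.

    /proc/filesystems lines look like 'nodev<TAB>sysfs' or '<TAB>ext4'.
    /etc/filesystems is assumed to follow mount(8): one type per line,
    '#' comments, and a lone '*' marker, which names no type.
    """
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields != ["*"]:
            names.add(fields[-1])  # 'nodev' may precede the type name
    return names


def fstype_allowed(fstype, proc_text, etc_text=""):
    """True only for a type that is well-known or listed in either file."""
    return (
        fstype in WELL_KNOWN
        or fstype in listed_types(proc_text)
        or fstype in listed_types(etc_text)
    )


def audit(candidates, proc_text, etc_text=""):
    """Map each requested type to the verdict a tester should see."""
    return {c: fstype_allowed(c, proc_text, etc_text) for c in candidates}


# Constructed sample file contents (not from any host in this bug).
SAMPLE_PROC = "nodev\tsysfs\nnodev\tproc\n\text4\n\tvfat\n"
SAMPLE_ETC = "# added by the administrator\nntfs-3g\n*\n"

if __name__ == "__main__":
    requested = ["vfat", "ntfs-3g", "ntfs", "not_a_filesystem"]
    for fs, ok in audit(requested, SAMPLE_PROC, SAMPLE_ETC).items():
        print(f"{fs:18} {'allowed' if ok else 'refused'}")
```

Matching is by exact name, so with these samples `ntfs-3g` passes only because of the /etc/filesystems entry while `ntfs` is still refused.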