An unprivileged user can mount an ecryptfs over /proc/$pid because according to stat(), it is a normal directory and owned by the user. However, the user is not actually permitted to create arbitrary directory entries in /proc/$pid, and ecryptfs' behavior might be enabling privilege escalation attacks with the help of other programs that use procfs.

CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1572
Upstream bug report with reproducer: https://bugs.launchpad.net/ecryptfs/+bug/1530566
Proposed upstream patch: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
Red Hat Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1300594
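The weakness described in the report is a setuid mount helper that concludes "the caller owns this directory" from stat() alone, which /proc/$pid satisfies even though the kernel, not the user, controls its contents. The following C program is an added example, not code from ecryptfs-utils or from the upstream patch linked above: it keeps the ownership test and adds a statfs() check that refuses mount points on procfs (and, as an assumption that goes slightly beyond the report, on sysfs, the same kind of kernel-owned pseudo filesystem). The function names `fs_type_allowed` and `check_mountpoint` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <linux/magic.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/vfs.h>
#include <unistd.h>

/* Filesystem types whose directories a privileged mount helper must refuse
 * to cover. procfs is the case from the bug report; sysfs is added here as
 * an assumption, since it is the same kind of kernel-owned pseudo filesystem. */
int fs_type_allowed(long f_type)
{
    switch (f_type) {
    case PROC_SUPER_MAGIC:
    case SYSFS_MAGIC:
        return 0;
    default:
        return 1;
    }
}

/*
 * Decide whether `path` may serve as a mount point for the user `uid`.
 * Returns 1 if allowed, 0 if refused, -1 on a lookup error (callers treat
 * -1 as refused). The ownership test alone is what the vulnerable helper
 * relied on; the statfs() test is the extra step that closes the /proc/$pid
 * hole, because /proc/$pid passes stat() as a user-owned directory.
 */
int check_mountpoint(const char *path, uid_t uid)
{
    char resolved[PATH_MAX];
    struct stat st;
    struct statfs sfs;

    /* Resolve symlinks first so the checks apply to the real directory
     * (e.g. /proc/self -> /proc/<pid>), not to a link the user controls. */
    if (realpath(path, resolved) == NULL)
        return -1;
    if (stat(resolved, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != uid)
        return 0;   /* not a directory owned by the caller */
    if (statfs(resolved, &sfs) != 0)
        return -1;
    if (!fs_type_allowed((long)sfs.f_type))
        return 0;   /* user-owned according to stat(), kernel-owned in reality */
    return 1;
}

int main(int argc, char **argv)
{
    /* Default target is /proc/self, which resolves to the caller's own
     * /proc/<pid> and is exactly the directory the report is about. */
    const char *target = argc > 1 ? argv[1] : "/proc/self";
    int rc = check_mountpoint(target, getuid());

    if (rc == 1)
        printf("%s: acceptable mount point\n", target);
    else if (rc == 0)
        printf("%s: refused (not a caller-owned directory on a regular filesystem)\n", target);
    else
        printf("%s: cannot inspect: %s\n", target, strerror(errno));
    return rc == 1 ? 0 : 1;
}
```

Run it as `./check /proc/self` to see the refusal, and with a directory you own to see the accept path. A production helper should additionally perform the check on an open directory descriptor and mount through that descriptor, so the decision cannot be invalidated by a path change between the check and the mount.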
@Maintainers ping. Gentoo Security Padawan ChrisADR
@maintainers ping. The fix was implemented upstream and released, please bump. Michael Boyle Gentoo Security Padawan
The package has no stable keywords.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8d52e5c7308ae8eb0b87cc373289b0385d896a9

commit c8d52e5c7308ae8eb0b87cc373289b0385d896a9
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2019-10-14 15:06:01 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2019-10-14 15:07:49 +0000

    sys-fs/ecryptfs-utils: bump to new snapshot

    Version bump bug has been open over 3 years with no known blocking
    problems. I'm doing a non-maintainer bump to fix several outstanding
    issues.

    Bug: https://bugs.gentoo.org/572500
    Closes: https://bugs.gentoo.org/595264
    Closes: https://bugs.gentoo.org/697700
    Closes: https://bugs.gentoo.org/694104
    Closes: https://github.com/gentoo/gentoo/pull/12464
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 sys-fs/ecryptfs-utils/Manifest                | 1 +
 .../ecryptfs-utils-111_p20170609.ebuild       | 94 ++++++++++++++++++++++
 2 files changed, 95 insertions(+)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d42e0b99be21688c9ca4b9bbb5a38c732bc0c961

commit d42e0b99be21688c9ca4b9bbb5a38c732bc0c961
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-25 03:26:37 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 21:24:41 +0000

    sys-fs/ecryptfs-utils: security cleanup (bug #572500)

    Bug: https://bugs.gentoo.org/572500
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15101
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 sys-fs/ecryptfs-utils/Manifest                     |  1 -
 sys-fs/ecryptfs-utils/ecryptfs-utils-108-r3.ebuild | 84 ----------------------
 2 files changed, 85 deletions(-)
Repository is clean, all done!