File mount-sanitize-paths-from-non-root-users.patch of Package util-linux

From 5ebbc3865d1e53ef42e5f121c41faab23dd59075 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 26 Nov 2012 14:30:22 +0100
Subject: [PATCH] mount: sanitize paths from non-root users

 $ mount /root/.ssh/../../dev/sda2
 mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot

This is too promiscuous. It seems better to ignore paths specified on
the command line which are not resolvable for non-root users.

Fixed version:

  $ mount /root/.ssh/../../dev/sda2
  mount: /root/.ssh/../../dev/sda2: Permission denied

  $ mount /dev/sda2
  mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot

Note that this bug has no relation to mount(2) permissions evaluation
in suid mode. The way how non-root user specifies paths on command
line is completely irrelevant for comparison with fstab entries.

Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
 sys-utils/Makefile.am |    1 +
 sys-utils/mount.c     |   35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

Index: util-linux-2.21.2/sys-utils/Makefile.am
===================================================================
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
+++ util-linux-2.21.2/sys-utils/Makefile.am
@@ -64,6 +64,7 @@ dist_man_MANS += mount.8 ../mount/fstab.
 mount_SOURCES = mount.c \
 		$(top_srcdir)/lib/env.c \
 		$(top_srcdir)/lib/xgetpass.c \
+		$(top_srcdir)/lib/canonicalize.c \
 		$(top_srcdir)/lib/strutils.c
 
 mount_LDADD = $(ul_libmount_la) $(SELINUX_LIBS)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -38,6 +38,7 @@
 #include "strutils.h"
 #include "exitcodes.h"
 #include "xalloc.h"
+#include "canonicalize.h"
 
 /*** TODO: DOCS:
  *
@@ -572,6 +573,37 @@ static struct libmnt_table *append_fstab
 	return fstab;
 }
 
+/*
+ * Check source and target paths -- non-root user should not be able to
+ * resolve paths which are unreadable for him.
+ */
+static void sanitize_paths(struct libmnt_context *cxt)
+{
+	const char *p;
+	struct libmnt_fs *fs = mnt_context_get_fs(cxt);
+
+	if (!fs)
+		return;
+
+	p = mnt_fs_get_target(fs);
+	if (p) {
+		char *np = canonicalize_path_restricted(p);
+		if (!np)
+			err(MOUNT_EX_USAGE, "%s", p);
+		mnt_fs_set_target(fs, np);
+		free(np);
+	}
+
+	p = mnt_fs_get_srcpath(fs);
+	if (p) {
+		char *np = canonicalize_path_restricted(p);
+		if (!np)
+			err(MOUNT_EX_USAGE, "%s", p);
+		mnt_fs_set_source(fs, np);
+		free(np);
+	}
+}
+
 static void __attribute__((__noreturn__)) usage(FILE *out)
 {
 	fputs(USAGE_HEADER, out);
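Review bot: In sanitize_paths() the return values of mnt_fs_set_target() and mnt_fs_set_source() are discarded. Both setters return a negative value on error, and in that case the fs presumably keeps the path as the user typed it, so the restricted mount would continue without the canonicalized form. Because this function is the gate for non-root callers it should fail closed, e.g. `if (mnt_fs_set_target(fs, np) != 0) errx(MOUNT_EX_SYSERR, "%s: failed to set target", np);` and the same for the source. It is also worth confirming that canonicalize_path_restricted(), which is not part of this diff, preserves errno from the failed resolution, since err() relies on it for the "Permission denied" text. The two blocks differ only in getter and setter and could share one small static helper.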
@@ -880,6 +912,9 @@ int main(int argc, char **argv)
 	} else
 		usage(stderr);
 
+	if (mnt_context_is_restricted(cxt))
+		sanitize_paths(cxt);
+
 	if (oper) {
 		/* MS_PROPAGATION operations, let's set the mount flags */
 		mnt_context_set_mflags(cxt, oper);
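Review bot: The new call in main() has no comment explaining why it sits at this point or what it covers. A short comment would record the intent, for example `/* restricted (non-root) caller: resolve command-line source/target before they are compared with fstab */`. sanitize_paths() only rewrites the target and srcpath of the context's fs, so any other user-supplied path reaching libmount in restricted mode is not checked here, which is worth stating or verifying. main() starts and ends outside this hunk, so the position relative to the actual mount call cannot be confirmed from the visible lines.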