diff options
author | Timo Teräs <timo.teras@iki.fi> | 2015-02-09 09:40:31 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2015-02-09 09:40:31 +0200 |
commit | b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186 (patch) | |
tree | 5a89b82ea77034ddfec1741ed3d4b3a2d39c3d2a /main/fuse | |
parent | 93bf317ffed831452c69550b0179e2ded06aac7b (diff) | |
download | aports-b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186.tar.bz2 aports-b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186.tar.xz |
main/fuse: fix user mounting under grsec kernel
If the user is was not in readproc group, realpath() would fail
causing fusermount to fail. The privilege drop for realpath() is
unnecessary as the real access checks are done in other places.
Diffstat (limited to 'main/fuse')
-rw-r--r-- | main/fuse/APKBUILD | 6 | ||||
-rw-r--r-- | main/fuse/fix-realpath.patch | 28 |
2 files changed, 33 insertions, 1 deletions
diff --git a/main/fuse/APKBUILD b/main/fuse/APKBUILD index 884ab5f5f1..eadcabf2ea 100644 --- a/main/fuse/APKBUILD +++ b/main/fuse/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=fuse pkgver=2.9.3 -pkgrel=1 +pkgrel=2 pkgdesc="A library that makes it possible to implement a filesystem in a userspace program." url="http://fuse.sourceforge.net/" arch="all" @@ -12,6 +12,7 @@ install= subpackages="$pkgname-dev" source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz fix-includes.patch + fix-realpath.patch fuse.initd" options="suid" @@ -70,10 +71,13 @@ _EOF_ md5sums="33cae22ca50311446400daf8a6255c6a fuse-2.9.3.tar.gz c08ad52ccd6ff8cc7c8ebf73c5d588ea fix-includes.patch +790b837275346e77d5f88a4778062ab7 fix-realpath.patch 5983726cfabf0830dffbbbf9a3abcddc fuse.initd" sha256sums="0beb83eaf2c5e50730fc553406ef124d77bc02c64854631bdfc86bfd6437391c fuse-2.9.3.tar.gz 72cf0964e5713f363d9dc0f9881512cdbdd05a5866ac95f1ea9df6305a189459 fix-includes.patch +9031e6df6e0b3e46c7e0117bba6e2eeb879de8d742dc54f592a16033d4dda89b fix-realpath.patch 22a22c914d2a4f0fb5fc8495f4b7efcd1819efde548c9033ca612c181cd29eda fuse.initd" sha512sums="03f43f88694ec7e039ff3579a8e76349b5a5a05872c55901fc1d9ee53dbb6b1e69f6dd0005b620f3b5ead0b14da8eeb31d46b922d10f88f4e3f830aa47e8162c fuse-2.9.3.tar.gz 147edb099e9dc5dad806882393b9a59feac0d22105764c87f7674b5f8b5242517034ca20ce36c931c5dd6ab18864f5aa267d1e1cd0adb81518f479de3c392d80 fix-includes.patch +5672ceb35acabb4bd97b6efc30614f22def62882fe198e2a8598a074d45b6b5337c082a5e09b5e399b6e5212dc1fbde9071c2a5051534c32091444c350b9c657 fix-realpath.patch 3d2765114081c8f6720ed25d7b7da4f6da5fbbb5b35760bb0a760f0bf2482abacabec63c1488d4e8cbe4f78875574607e6e46508dfe22df0869f4d2e1e91e607 fuse.initd" diff --git a/main/fuse/fix-realpath.patch b/main/fuse/fix-realpath.patch new file mode 100644 index 0000000000..1199eb338d --- /dev/null +++ b/main/fuse/fix-realpath.patch @@ -0,0 +1,28 @@ +--- fuse-2.9.3.orig/util/fusermount.c 2015-02-07 08:58:54.000000000 -0200 ++++ fuse-2.9.3/util/fusermount.c 2015-02-09 09:15:16.737367957 -0200 +@@ -1255,19 +1255,16 @@ + + origmnt = argv[optind]; + +- drop_privs(); + mnt = fuse_mnt_resolve_path(progname, origmnt); +- if (mnt != NULL) { +- res = chdir("/"); +- if (res == -1) { +- fprintf(stderr, "%s: failed to chdir to '/'\n", progname); +- exit(1); +- } +- } +- restore_privs(); + if (mnt == NULL) + exit(1); + ++ res = chdir("/"); ++ if (res == -1) { ++ fprintf(stderr, "%s: failed to chdir to '/'\n", progname); ++ exit(1); ++ } ++ + umask(033); + if (unmount) + goto do_unmount; |