Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833
author John Johansen <john.johansen@canonical.com>
Thu, 11 Aug 2011 07:44:56 +0000 (00:44 -0700)
committer Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Mon, 29 Aug 2011 19:23:10 +0000 (16:23 -0300)
commit 1de81dac0d2cdf603f2a1c7e37628e5d689b2df9
tree 7616a6d5e082d9ebf458b0f5f988ec462ac93fc1
parent b2ad3e0e1b1eafeeff98bedda724a5962bb7ffaa
Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833

Close a TOCTOU race for mounts done via ecryptfs-mount-private.  The mount
source (device) can be raced when the ownership test is done in userspace.
Provide Ecryptfs a means to force the uid check at mount time.

(backported from commit 764355487ea220fdc2faf128d577d7f679b91f97)
CVE-2011-1833
BugLink: http://bugs.launchpad.net/bugs/732628
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
fs/ecryptfs/main.c
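
The commit message above describes an ownership test on the mount source that is done in userspace and can be raced before the mount takes place. The following is an added userspace illustration in C, not code from this commit or from eCryptfs: it contrasts a path-based owner check with a check made on the object that is actually opened. The function names, the `/tmp` path and the symlink scenario are constructed for the example.

```c
/* Added example: userspace analogue of the ownership race, not eCryptfs code. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: the owner is checked by path; whoever uses the path afterwards
 * resolves it again, so it can name a different object by then. */
int racy_owner_ok(const char *path, uid_t expect_uid)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode) && st.st_uid == expect_uid;
}

/* Check at use: pin the directory with open(), then check the owner of the
 * pinned object. O_NOFOLLOW only covers the final path component.
 * Returns an fd for the verified directory, or -1. */
int open_dir_owned_by(const char *path, uid_t expect_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != expect_uid) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a symlink stands in for a source path that no longer
 * names what was checked. Returns a bitmask of four outcomes, 15 if all hold. */
int demo(void)
{
    char dir[] = "/tmp/toctou-demo-XXXXXX", link[64];
    int r = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(link, sizeof link, "%s/src", dir);
    if (symlink(dir, link) != 0) { rmdir(dir); return -1; }
    if (racy_owner_ok(link, geteuid())) r |= 1;  /* path check follows the link */
    if ((fd = open_dir_owned_by(link, geteuid())) < 0) r |= 2; else close(fd);
    if ((fd = open_dir_owned_by(dir, geteuid())) >= 0) { r |= 4; close(fd); }
    if ((fd = open_dir_owned_by(dir, geteuid() + 1)) < 0) r |= 8; else close(fd);
    unlink(link);
    rmdir(dir);
    return r;
}

int main(void) { return demo() == 15 ? 0 : 1; }
```

The returned descriptor, not the path, is what a caller should keep using after the check, since the verified owner applies only to the pinned object.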