Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833
author John Johansen <john.johansen@canonical.com>
Thu, 11 Aug 2011 07:44:56 +0000 (00:44 -0700)
committer Andy Whitcroft <apw@canonical.com>
Fri, 12 Aug 2011 09:29:39 +0000 (10:29 +0100)
commit 2fcabd97270a02123c609fbf1c2afb52bb3786f3
tree fa5b7456cb680264fa1e02de8bea6fc082144d9a
parent 0d687f55f2c18a884fd9385c7f7362cd5a3d9a88
Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833

Close a TOCTOU race for mounts done via ecryptfs-mount-private.  The mount
source (device) can be raced when the ownership test is done in userspace.
Provide Ecryptfs a means to force the uid check at mount time.

(backported from commit 764355487ea220fdc2faf128d577d7f679b91f97)
CVE-2011-1833
BugLink: http://bugs.launchpad.net/bugs/732628
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
fs/ecryptfs/main.c
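
A userspace analogue of the race the commit message describes, added here as an illustration and not taken from this commit or from ecryptfs-utils: an ownership test made on a path name describes only what that name pointed at during the test, while a test made on an already-opened descriptor is bound to the object that will be used. The function names `path_owned_by` and `open_dir_owned_by` and the temporary directory are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: the answer describes whatever the name pointed at during lstat().
 * Anything that later passes the same path on can act on a different object. */
static int path_owned_by(const char *path, uid_t uid)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISDIR(st.st_mode) && st.st_uid == uid;
}

/* Bound check: open first, then test the object behind the descriptor.
 * Returns an open fd on success, -1 if the directory is not owned by uid. */
static int open_dir_owned_by(const char *path, uid_t uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != uid) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/owner-check-XXXXXX";   /* constructed sample input */
    if (mkdtemp(dir) == NULL)
        return 1;
    int fd = open_dir_owned_by(dir, getuid());
    printf("path check: %d, fd check: %s\n",
           path_owned_by(dir, getuid()), fd >= 0 ? "ok" : "refused");
    if (fd >= 0)
        close(fd);
    rmdir(dir);
    return fd >= 0 ? 0 : 1;
}
```

mount(2) receives its source as a path string, so a userspace helper cannot hand the kernel the descriptor it verified; the ownership comparison has to happen where the path is resolved for the mount, which is what this commit provides.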