Bug#858917: marked as done (unblock: eject/2.1.5+deb1+cvs20081104-13.2)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#858917: marked as done (unblock: eject/2.1.5+deb1+cvs20081104-13.2)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 28 Mar 2017 20:33:07 +0000
Message-id: <[🔎] handler.858917.D858917.149073299114961.ackdone@bugs.debian.org>
References: <33b6761d-0eea-aecb-34ab-01e1485a300e@thykier.net> <[🔎] 149071719381.28832.4597139282241163145.reportbug@eldamar.local>

Your message dated Tue, 28 Mar 2017 20:28:00 +0000
with message-id <33b6761d-0eea-aecb-34ab-01e1485a300e@thykier.net>
and subject line Re: Bug#858917: unblock: eject/2.1.5+deb1+cvs20081104-13.2
has caused the Debian Bug report #858917,
regarding unblock: eject/2.1.5+deb1+cvs20081104-13.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
858917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858917
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: eject/2.1.5+deb1+cvs20081104-13.2
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 28 Mar 2017 18:06:33 +0200
Message-id: <[🔎] 149071719381.28832.4597139282241163145.reportbug@eldamar.local>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi

Please unblock package eject

Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to
check if a given device is an encrypted device handled by devmapper, and used
in eject, does not check return values from setuid() and setgid() when dropping
privileges. It is not clear if that can be used to execute code as root, since
all what comes after dropping privileges should be actually from trusted
source. But we wanted to be rather sure and released a DSA for eject.

Attached is the debdiff against the version in testing.

unblock eject/2.1.5+deb1+cvs20081104-13.2

Regards,
Salvatore

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -u eject-2.1.5+deb1+cvs20081104/debian/changelog eject-2.1.5+deb1+cvs20081104/debian/changelog
--- eject-2.1.5+deb1+cvs20081104/debian/changelog
+++ eject-2.1.5+deb1+cvs20081104/debian/changelog
@@ -1,3 +1,11 @@
+eject (2.1.5+deb1+cvs20081104-13.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2017-6964: Check the return values when dropping privileges
+    (Closes: #858872)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 28 Mar 2017 06:22:15 +0200
+
 eject (2.1.5+deb1+cvs20081104-13.1) unstable; urgency=low
 
   [ Ankit Sinha ]
diff -u eject-2.1.5+deb1+cvs20081104/dmcrypt-get-device.c eject-2.1.5+deb1+cvs20081104/dmcrypt-get-device.c
--- eject-2.1.5+deb1+cvs20081104/dmcrypt-get-device.c
+++ eject-2.1.5+deb1+cvs20081104/dmcrypt-get-device.c
@@ -58,8 +58,10 @@
         return 1;
 
     /* Drop all privileges */
-    setgid(getgid());
-    setuid(getuid());
+    if (setgid(getgid()))
+        return 1;
+    if (setuid(getuid()))
+        return 1;
 
     if (!dm_task_get_info(dmt, &dmi))
         return 1;

--- End Message ---

--- Begin Message ---

To: Cyril Brulebois <kibi@debian.org>

Cc: Salvatore Bonaccorso <carnil@debian.org>, 858917-done@bugs.debian.org

Subject: Re: Bug#858917: unblock: eject/2.1.5+deb1+cvs20081104-13.2

From: Niels Thykier <niels@thykier.net>

Date: Tue, 28 Mar 2017 20:28:00 +0000

Message-id: <33b6761d-0eea-aecb-34ab-01e1485a300e@thykier.net>

In-reply-to: <[🔎] 20170328201506.GA17320@mraw.org>

References: <[🔎] 149071719381.28832.4597139282241163145.reportbug@eldamar.local> <[🔎] b6e454eb-5244-9320-a09a-e2e614a7da32@thykier.net> <[🔎] 20170328201506.GA17320@mraw.org>
Cyril Brulebois:
> Niels Thykier <niels@thykier.net> (2017-03-28):
>> Ok with me; CC'ing KiBi for a d-i ack.
> 
> d-'hi ACK.
> 
> 
> KiBi.
> 

Unblocked it is! :)

Thanks,
~Niels
--- End Message ---

Reply to:

References:
- Bug#858917: unblock: eject/2.1.5+deb1+cvs20081104-13.2
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#858917: unblock: eject/2.1.5+deb1+cvs20081104-13.2
Next by Date: Bug#858864: marked as done (unblock: celery/3.1.23-6)
Previous by thread: Processed: Re: Bug#858917: unblock: eject/2.1.5+deb1+cvs20081104-13.2
Next by thread: Bug#858925: unblock: dsdp/5.8-9.4
Index(es):
- Date
- Thread