Bug#926481: stretch-pu: package open-vm-tools/2:10.1.5-5055683-4+deb9u2
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Hi release team,
as discuassed with the security team, I'd like to fix #925959
with the next stable pointrelease. The proposed debdiff is attached.
Please let me know if its okay to upload.
Thanks,
Bernd
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog
index 0be9f865..9b8f4cbb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+open-vm-tools (2:10.1.5-5055683-4+deb9u2) stable; urgency=medium
+
+ * [34db05f] /tmp/VMwareDnD permissions security fix.
+ Fix possible security issue with the permissions of the intermediate
+ staging directory and path
+ /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be
+ a regular directory, but malicious code or user may create the /tmp/VMwareDnD
+ as a symbolic link which points elsewhere on the system. This may provide
+ user access to user B's files.
+ Do not set the permission of the root directory if the root directory
+ already exists and has the wrong permission. The permission of the directory
+ must be 1777 if it is created by the VMToolsi. If not, then the directory
+ has been created or modified by malicious code or user, so just cancel the
+ host to guest DnD or CnP operation. (Closes: #925959)
+
+ -- Bernd Zeimetz <bzed@debian.org> Fri, 05 Apr 2019 23:10:04 +0200
+
open-vm-tools (2:10.1.5-5055683-4+deb9u1) stretch; urgency=medium
* [dec8df6] Upstream fix for CVE-2015-5191 (Closes: #869633)
diff --git a/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch b/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
new file mode 100644
index 00000000..43daed8a
--- /dev/null
+++ b/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
@@ -0,0 +1,54 @@
+commit e88f91b00a715b79255de6576506d80ecfdb064c
+Author: Oliver Kurth <okurth@vmware.com>
+Date: Tue Jan 29 14:03:19 2019 -0800
+
+ Fix possible security issue with the permissions of the intermediate
+ staging directory and path
+
+ /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be
+ a regular directory, but malicious code or user may create the /tmp/VMwareDnD
+ as a symbolic link which points elsewhere on the system. This may provide
+ user access to user B's files.
+
+ Do not set the permission of the root directory if the root directory
+ already exists and has the wrong permission. The permission of the directory
+ must be 1777 if it is created by the VMToolsi. If not, then the directory
+ has been created or modified by malicious code or user, so just cancel the
+ host to guest DnD or CnP operation.
+
+--- a/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c
++++ b/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c
+@@ -276,12 +276,11 @@ DnDCreateRootStagingDirectory(void)
+ }
+
+ if (File_Exists(root)) {
+- if (!DnDRootDirUsable(root) &&
+- !DnDSetPermissionsOnRootDir(root)) {
++ if (!DnDRootDirUsable(root)) {
+ /*
+- * The directory already exists and its permissions are wrong and
+- * cannot be set, so there's not much we can do.
++ * The directory already exists and its permissions are wrong.
+ */
++ Log("%s: The root dir is not usable.\n", __FUNCTION__);
+ return NULL;
+ }
+ } else {
+--- a/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c
++++ b/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c
+@@ -318,12 +318,11 @@ CreateApparentRootDirectory(void)
+ }
+
+ if (File_Exists(root)) {
+- if ( !DnDRootDirUsable(root)
+- && !DnDSetPermissionsOnRootDir(root)) {
++ if (!DnDRootDirUsable(root)) {
+ /*
+- * The directory already exists and its permissions are wrong and
+- * cannot be set, so there's not much we can do.
++ * The directory already exists and its permissions are wrong.
+ */
++ Log_Trivia("dnd: The root dir is not usable.\n");
+ return NULL;
+ }
+ } else {
diff --git a/debian/patches/series b/debian/patches/series
index 2c8fbff7..58f5849b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ from_arch/0001-Fix-vmxnet-module-on-kernels-3.16.patch
debian/enable_vmhgfs-fuse_by_default
debian/vmxnet_fix_kernel_4.7.patch
debian/cve-2015-5191.patch
+e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
Reply to: