
Bug#926481: marked as done (stretch-pu: package open-vm-tools/2:10.1.5-5055683-4+deb9u2)



Your message dated Sat, 07 Sep 2019 14:37:11 +0100
with message-id <17351b82f829eb6917f78885cb849c4060b0a4a6.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in 9.10 point release
has caused the Debian Bug report #926481,
regarding stretch-pu: package open-vm-tools/2:10.1.5-5055683-4+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
926481: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926481
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Hi release team,

As discussed with the security team, I'd like to fix #925959
with the next stable point release. The proposed debdiff is attached.


Please let me know if it's okay to upload.

Thanks,

Bernd

-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F
diff --git a/debian/changelog b/debian/changelog
index 0be9f865..9b8f4cbb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+open-vm-tools (2:10.1.5-5055683-4+deb9u2) stable; urgency=medium
+
+  * [34db05f] /tmp/VMwareDnD permissions security fix.
+    Fix possible security issue with the permissions of the intermediate
+    staging directory and path
+    /tmp/VMwareDnD is a staging directory used for DnD and CnP.  It should be
+    a regular directory, but malicious code or user may create the /tmp/VMwareDnD
+    as a symbolic link which points elsewhere on the system.  This may provide
+    user access to user B's files.
+    Do not set the permission of the root directory if the root directory
+    already exists and has the wrong permission.  The permission of the directory
+    must be 1777 if it is created by the VMToolsi.  If not, then the directory
+    has been created or modified by malicious code or user, so just cancel the
+    host to guest DnD or CnP operation. (Closes: #925959)
+
+ -- Bernd Zeimetz <bzed@debian.org>  Fri, 05 Apr 2019 23:10:04 +0200
+
 open-vm-tools (2:10.1.5-5055683-4+deb9u1) stretch; urgency=medium
 
   * [dec8df6] Upstream fix for CVE-2015-5191 (Closes: #869633)
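Review bot: the distribution field of the new entry reads `stable` while the preceding +deb9u1 entry in the same hunk targets `stretch`; stretch-pu uploads are expected to name the codename, so the header should read `open-vm-tools (2:10.1.5-5055683-4+deb9u2) stretch; urgency=medium`. The entry also copies the upstream typo "VMToolsi" verbatim; since the Debian changelog is what users read in apt-listchanges, it is worth correcting there even if the patch text is left as upstream wrote it.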
diff --git a/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch b/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
new file mode 100644
index 00000000..43daed8a
--- /dev/null
+++ b/debian/patches/e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
@@ -0,0 +1,54 @@
+commit e88f91b00a715b79255de6576506d80ecfdb064c
+Author: Oliver Kurth <okurth@vmware.com>
+Date:   Tue Jan 29 14:03:19 2019 -0800
+
+    Fix possible security issue with the permissions of the intermediate
+    staging directory and path
+    
+    /tmp/VMwareDnD is a staging directory used for DnD and CnP.  It should be
+    a regular directory, but malicious code or user may create the /tmp/VMwareDnD
+    as a symbolic link which points elsewhere on the system.  This may provide
+    user access to user B's files.
+    
+    Do not set the permission of the root directory if the root directory
+    already exists and has the wrong permission.  The permission of the directory
+    must be 1777 if it is created by the VMToolsi.  If not, then the directory
+    has been created or modified by malicious code or user, so just cancel the
+    host to guest DnD or CnP operation.
+
+--- a/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c
++++ b/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c
+@@ -276,12 +276,11 @@ DnDCreateRootStagingDirectory(void)
+    }
+ 
+    if (File_Exists(root)) {
+-      if (!DnDRootDirUsable(root) &&
+-          !DnDSetPermissionsOnRootDir(root)) {
++      if (!DnDRootDirUsable(root)) {
+          /*
+-          * The directory already exists and its permissions are wrong and
+-          * cannot be set, so there's not much we can do.
++          * The directory already exists and its permissions are wrong.
+           */
++         Log("%s: The root dir is not usable.\n", __FUNCTION__);
+          return NULL;
+       }
+    } else {
+--- a/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c
++++ b/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c
+@@ -318,12 +318,11 @@ CreateApparentRootDirectory(void)
+    }
+ 
+    if (File_Exists(root)) {
+-      if (   !DnDRootDirUsable(root)
+-          && !DnDSetPermissionsOnRootDir(root)) {
++      if (!DnDRootDirUsable(root)) {
+          /*
+-          * The directory already exists and its permissions are wrong and
+-          * cannot be set, so there's not much we can do.
++          * The directory already exists and its permissions are wrong.
+           */
++         Log_Trivia("dnd: The root dir is not usable.\n");
+          return NULL;
+       }
+    } else {
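Review bot: the two changed sites log the refusal at different levels: dndCommon.c adds `Log("%s: The root dir is not usable.\n", __FUNCTION__);` while dndXdg.c adds `Log_Trivia("dnd: The root dir is not usable.\n");`. Now that a /tmp/VMwareDnD with wrong permissions is no longer repaired but causes the DnD/CnP operation to be cancelled, and the commit message treats that state as a sign the directory was created or modified by someone else, both sites should log at a level an administrator sees by default, so the dndXdg.c site should use Log() too (or the patch description should say why trivia level is enough there). Separately, the patch file carries only the git commit/Author/Date header; adding DEP-3 fields such as `Origin: upstream, <URL of commit e88f91b00a715b79255de6576506d80ecfdb064c>` and `Bug-Debian: https://bugs.debian.org/925959` would document provenance for the stretch-pu review.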
diff --git a/debian/patches/series b/debian/patches/series
index 2c8fbff7..58f5849b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ from_arch/0001-Fix-vmxnet-module-on-kernels-3.16.patch
 debian/enable_vmhgfs-fuse_by_default
 debian/vmxnet_fix_kernel_4.7.patch
 debian/cve-2015-5191.patch
+e88f91b00a715b79255de6576506d80ecfdb064c_vmware_dnd_fix.patch
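Review bot: the new series entry has no directory prefix while every other visible entry is grouped under `from_arch/` or `debian/`; for consistency with the earlier security backport (`debian/cve-2015-5191.patch`) the new file should live under one of those directories, with the series line and the file path in debian/patches updated together. The long commit-hash filename is fine as a reference, but a short descriptive name alongside the hash (or the hash in the DEP-3 header instead of the filename) would make the series easier to read.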

--- End Message ---
--- Begin Message ---
Version: 9.10

Hi,

The fixes referenced by each of these bugs were included in today's
stretch point release (9.10).

Regards,

Adam

--- End Message ---
