This patch add libseccomp based syscalls filter to disable TIOCSTI
ioctl in su/runuser children.
IMHO it is not elegant solution due to dependence on libseccomp
(--without-seccomp if hate it)... but there is nothing better for now.
Addresses: CVE-2016-2779
Signed-off-by: Karel Zak <kzak@redhat.com>
when mounting a cifs share, the src is actually an UNC path which can in
in several forms:
simple: //host/share, //host/share/
including subpath: //host/share/sub/path
to check if the cifs fs is mounted we have to extract the subpath and
compare *that* to the root.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
The text-utility ul can run into a buffer overflow on very long lines.
See this proof of concept how to reproduce the issue:
$ dd if=/dev/zero bs=1M count=10 | tr '\000' '\041' > poc.txt
$ echo -ne '\xe\x5f\x8\x5f\x61\x2\xf\x5f\x8\x5f' | dd of=poc.txt conv=notrunc
$ ul -i poc.txt > /dev/null # output would take ages
Segmentation fault
$ _
The problem manifests by using alloca with "maxcol", which can be as
large as INT_MAX, based on the input line.
A very long line (> 8 MB) with modes must be supplied to ul, as seen in
my proof of concept byte sequence above.
It is rather easy to fix this issue: allocate space on the heap instead.
maxcol could overflow here, but in that case no system will have enough
space to handle the request, properly ending ul through an err() call.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
This new API provides full control on multi-line cells, you can wrap
text by new lines (build-in support) or by another way (after words,
commas, etc.) Changes:
* new scols_column_set_wrapfunc() sets pointers to two callback functions
1/ chunksize() - returns largest data chunk size; used when we
calculate columns width
2/ nextchunk() - terminate the current chunk and returns pointer to
the next; used when we print data
* remove SCOLS_FL_WRAPNL and add new functions scols_wrapnl_chunksize()
and scols_wrapnl_nextchunk() to provide build-in functionality to
wrap cells on \n
* remove scols_column_is_wrapnl() add scols_column_is_customwrap()
(returns true if custom wrap functions are defined)
* add scols_column_set_safechars() and scols_column_get_safechars() to
allow to control output encoding, safe chars are not encoded by \xFOO
* modify "fromfile" test code to use build-in scols_wrapnl_* callbacks
for "wrapnl" tests
* add new function scols_column_get_table()
Signed-off-by: Karel Zak <kzak@redhat.com>
Change behavior:
* scols_table_set_symbols(tb, NULL) remove reference to the current symbols setting
and does not set default symbols at all
Add new functions:
* scols_table_get_symbols()
* scols_table_set_default_symbols()
Signed-off-by: Karel Zak <kzak@redhat.com>
* 'api_const' of https://github.com/ignatenkobrain/util-linux:
libsmartcols: use const qualifier where it's possible
debug: use const void * for ul_debugobj()
libsmartcols: make get_line/column_separator() return const
The current code does not work as expected if there is an option
behind the discard=<arg>, for example:
swapon /dev/sdc -o discard=once,pri=10
ignores "once" the result is SWAP_FLAG_DISCARD; strace:
Old version:
swapon("/dev/sdc", SWAP_FLAG_PREFER|SWAP_FLAG_DISCARD|10) = 0
Fixed version:
swapon("/dev/sdc", SWAP_FLAG_PREFER|SWAP_FLAG_DISCARD|SWAP_FLAG_DISCARD_ONCE|10) = 0
Signed-off-by: Karel Zak <kzak@redhat.com>
We don't modify data it's pointing out and we should not modify it.
Also remove casting to void * as gcc will do it automatically (before
we had to cast it explicitly to avoid warning on discarding 'const'
qualifier).
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
The patch introduces tiny API changes (char * -> const char *) for
scols_table_get_line_separator
scols_table_get_column_separator
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
Karel Zak
Sebastian Rasmussen
Jakub Bogusz
Benno Schulenberg
Takeshi Hamasaki
Antonio Ceballos Roa
Philipp Thomas
Petr Písař
Stanislav Brabec
Aurelien Aptel
Tobias Stoeckmann
Sami Kerola
Igor Gnatenko