commit 2c967a86914d3969e585c5cb43c6355947a4c68f Author: zyppe <210hcl@gmail.com> Date: Sat Feb 10 22:19:31 2024 +0800 Initialize for fuse diff --git a/.fuse.metadata b/.fuse.metadata new file mode 100644 index 0000000..56615b9 --- /dev/null +++ b/.fuse.metadata @@ -0,0 +1 @@ +665d45d95d3ed9b3e4a214a9fafd78b6e640b0800c93ed1401a8410cebd96743 fuse-2.9.7.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b12f109 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +fuse-2.9.7.tar.gz diff --git a/aarch64-build-fix.patch b/aarch64-build-fix.patch new file mode 100644 index 0000000..61846da --- /dev/null +++ b/aarch64-build-fix.patch @@ -0,0 +1,16 @@ +--- include/fuse_kernel.h ++++ include/fuse_kernel.h +@@ -85,12 +85,7 @@ + #ifndef _LINUX_FUSE_H + #define _LINUX_FUSE_H + +-#include +-#define __u64 uint64_t +-#define __s64 int64_t +-#define __u32 uint32_t +-#define __s32 int32_t +-#define __u16 uint16_t ++#include + + /* + * Version negotiation: diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..197df75 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libfuse2 diff --git a/fuse-2.9.7.tar.gz.asc b/fuse-2.9.7.tar.gz.asc new file mode 100644 index 0000000..fd503db --- /dev/null +++ b/fuse-2.9.7.tar.gz.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQKgBAABCgCKBQJXaEo6XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w +ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFRDMxNzkxQjJDNUMxNjEzQUYzODhCOEFE +MTEzRkNBQzNDNEU1OTlGIxpodHRwOi8vd3d3LnJhdGgub3JnL2dwZ3BvbGljeS5o +dG1sAAoJENET/Kw8TlmfCfUP/36GmAhqrDt5SIQruYUETuJMlZ7G5CVUYWlTXpy3 +sqoeGiYePDonlx1fHqutuTxj/btqSphbn5d+4Uj8AsobiKsNGmMxdmdQH3QO7g61 +Qe5Wzk2d89Ge3GzkyjEVK5EkbptKWmhEgcX4OQgNzJ34O49cAu6IA8sCcAR3HgBw +sbtfh33G+d94QaqQHj1FDQJV4KmyYUAG7RLMiDv+O9F16ZG7kQS8a1BQwPlrvxKs +vMzTbULium/quP7SwlYIOSdpcnx6TULLbwafbmXCt6zze7zbGAhGmW03Lzu5g3uj +exazwzKbZiHgadAXCSoWGOJXYnZ8N7W+69q72emAHl2LO3nEyttkSVa3/6LAJrYw +VQqEnBhCLi12bo7wTBzijjMilXRdxU0s47qmNGQnnQdFSoj99ilgDVKZCCQlHTtY +dSLVAR9fKyMlqNUPEsl1ZoFe/Zjjl1ZGAu4JUFUXMIurpRXO/EqTddvLpemXl8rP +8kVAAwp0rPFRT2DHDg0OMqvwmDPvWbiOIVgtCiTMffuILWx+sJkj4sTa+uce49gM +/XlGlrxKVgk7KOTaSsKXva5BZv+8zf4BhuZrtmGEWaPqr/8soCh6CRyJg3sfkvW/ +v6R9Q4VxG/IPSpdL2fQGmVIPxQW5QwOytTJvZHApmJ+Ve8R2JlXbpkLRnfAtN10f +iAHy +=sqI5 +-----END PGP SIGNATURE----- diff --git a/fuse-install-fix.diff b/fuse-install-fix.diff new file mode 100644 index 0000000..269631f --- /dev/null +++ b/fuse-install-fix.diff @@ -0,0 +1,32 @@ +--- fuse-2.9.2.orig/util/Makefile.am 2012-07-19 07:33:49.000000000 -0500 ++++ fuse-2.9.2/util/Makefile.am 2013-03-04 09:23:23.000000000 -0600 +@@ -20,14 +20,6 @@ + ulockmgr_server_CPPFLAGS = -D_FILE_OFFSET_BITS=64 -D_REENTRANT + ulockmgr_server_LDFLAGS = -pthread + +-install-exec-hook: +- -chmod u+s $(DESTDIR)$(bindir)/fusermount +- @if test ! -e $(DESTDIR)/dev/fuse; then \ +- $(MKDIR_P) $(DESTDIR)/dev; \ +- echo "mknod $(DESTDIR)/dev/fuse -m 0666 c 10 229 || true"; \ +- mknod $(DESTDIR)/dev/fuse -m 0666 c 10 229 || true; \ +- fi +- + EXTRA_DIST = udev.rules init_script + + MOUNT_FUSE_PATH = @MOUNT_FUSE_PATH@ +@@ -39,14 +31,8 @@ + $(INSTALL_PROGRAM) $(builddir)/mount.fuse $(DESTDIR)$(MOUNT_FUSE_PATH)/mount.fuse + $(MKDIR_P) $(DESTDIR)$(INIT_D_PATH) + $(INSTALL_SCRIPT) $(srcdir)/init_script $(DESTDIR)$(INIT_D_PATH)/fuse +- @if test -x /usr/sbin/update-rc.d; then \ +- echo "/usr/sbin/update-rc.d fuse start 34 S . start 41 0 6 . || true"; \ +- /usr/sbin/update-rc.d fuse start 34 S . start 41 0 6 . || true; \ +- fi + + install-data-local: +- $(MKDIR_P) $(DESTDIR)$(UDEV_RULES_PATH) +- $(INSTALL_DATA) $(srcdir)/udev.rules $(DESTDIR)$(UDEV_RULES_PATH)/99-fuse.rules + + uninstall-local: + rm -f $(DESTDIR)$(MOUNT_FUSE_PATH)/mount.fuse diff --git a/fuse.changes b/fuse.changes new file mode 100644 index 0000000..fd4a81d --- /dev/null +++ b/fuse.changes @@ -0,0 +1,276 @@ +* Tue Sep 11 2018 rgoldwyn@suse.com +- user_allow_other restriction may be bypassed (bsc#1101797, CVE-2018-10906) + - fusermount-prevent-silent-truncation-of-mount-options.patch + - fusermount-dont-feed-escaped-commans-into-mount-options.patch + - fusermount-bail-out-on-transient-config-read-failure.patch + - fusermount-refuse-unknown-options.patch + - fusermount-whitelist-known-good-filesystems-for-mountpoints.patch +* Mon Oct 16 2017 admorgan@morgancomputers.net +- Fix download link in fuse.spec +* Fri Oct 6 2017 admorgan@morgancomputers.net +- fuse 2.9.7 + * Shared-object version has now been bumped correctly. + * Added SELinux support. + * Fixed race-condition when session is terminated right after + starting a FUSE file system. +* Mon Jul 31 2017 fcrozat@suse.com +- Ensure trusted group is available on Tumbleweed. +* Fri Jan 22 2016 astieger@suse.com +- fuse 2.9.5: + * fix warning in mount.c:receive_fd(). + * fix possible memory leak. + * new upstream project and source URL + * add new maintainer keyring and verify source signature +* Fri May 22 2015 mszeredi@suse.cz +- Update to version 2.9.4 + - fix exec environment for mount and umount (bsc#931452, + CVE-2015-3202) + - properly restore the default signal handler + - fix directory file handle passed to ioctl() method. + - fix for uids/gids larger than 2147483647 + - initialize stat buffer passed to ->getattr() and ->fgetattr() +* Wed Dec 10 2014 bwiedemann@suse.com +- include commented default fuse.conf (bnc#908292) +* Wed Jul 24 2013 mszeredi@suse.cz +- Update to version 2.9.3 + - Bug fixes +- Remove fuse-gnu_source.patch (fixed upstream) +* Sun Jun 16 2013 dmueller@suse.com +- add aarch64-build-fix.patch +* Wed Mar 27 2013 mmeister@suse.com +- Added url as source. + Please see http://en.opensuse.org/SourceUrls +* Tue Mar 26 2013 dmueller@suse.com +- fix build for SLE_11 +* Fri Mar 8 2013 idonmez@suse.com +- Use autoreconf directly instead of makeconf.sh +* Mon Mar 4 2013 archie@dellroad.org +- Update to version 2.9.2 + - Add support for fallocate() (kernel >= 3.5) + - Bug fixes +- Remove fix-pthread-in-fuse.pc.patch; now included in upstream +- Don't patch generated files such as configure and Makefile.in; + instead, regenerate them using makeconf.sh from SVN repository +* Sat Feb 2 2013 coolo@suse.com +- update license to new format +* Mon Jul 2 2012 coolo@suse.com +- avoid autoreconf to avoid breaking on updates of auto* tools +* Sat May 26 2012 jengelh@inai.de +- Remove redundant tags/sections from specfile +- Parallel build with %%_smp_mflags +- Trim list of FUSE fses from description (it's literally endless) + and text inappropraite for subpackages +* Wed May 16 2012 mszeredi@suse.cz +- Fix -pthread in fuse.pc [bnc#761117] +* Thu Apr 26 2012 rschweikert@suse.com +- place binaries in /usr tree (UsrMerge project) +* Sun Apr 22 2012 puzel@suse.com +- update to 2.9.0 + - Add "zero copy" support for kernel 2.6.35 or newer + - Make maximum background requests tunable on kernel 2.6.32 or + newer + - Require --no-canonicalize in (u)mount (util-linux version 2.18 + or newer) to fix security problems with fusermount + - Use dynamically sized hash tables in high level library + - Memory use of filesystem daemon can shrink more easily + - Add "auto_unmount" option + - Add "remember" option + - Add man pages for fusermount, mount.fuse and ulockmgr_server + - API changes: + - Introduce "store" and "retrieve" for accessing kernel + buffers on kernel 2.6.36 or newer + - Introduce abstract buffer for zero copy operations + - Allow path calculation to be omitted on certain operations + - Allow batching forget requests + - Add "flock" method + - Add support for ioctl on directories + - Add delete notification +- drop fuse-pc-remove-libdir-from-Libs.diff (upstream) +* Wed Jan 25 2012 mszeredi@suse.cz +- use %%set_permissions instead of %%run_permissions in specfile +* Wed Jan 25 2012 mszeredi@suse.cz +- compile /bin/fusermount as a position independent executable + [bnc#743155] +* Wed Jan 25 2012 mszeredi@suse.cz +- update to 2.8.7 + * fix ambiguous symbol version for fuse_chan_new + * prevent calling ulockmgr_server with illegal arguments + * fix hang in wait_on_path() +* Thu Nov 3 2011 mszeredi@suse.cz +- handle case of failure to allocate request [bnc#723616] +* Sat Oct 1 2011 coolo@suse.com +- add libtool as buildrequire to make the spec file more reliable +* Mon Sep 26 2011 mhrusecky@suse.cz +- enabling libulockmgr +* Mon Aug 29 2011 crrodriguez@opensuse.org +- Must define _GNU_SOURCE to get clone() system call. +* Mon Mar 21 2011 coolo@novell.com +- licenses package is about to die +* Thu Feb 17 2011 mszeredi@suse.cz +- In case of failure to add to /etc/mtab don't umount. [bnc#668820] + [CVE-2011-0541] +* Tue Nov 16 2010 mszeredi@suse.cz +- Fix symlink attack for mount and umount [bnc#651598] +* Wed Oct 27 2010 mszeredi@suse.cz +- Remove /etc/init.d/boot.fuse [bnc#648843] +* Tue Sep 28 2010 mszeredi@suse.cz +- update to 2.8.5 + * fix option escaping for fusermount [bnc#641480] +* Wed Apr 28 2010 mszeredi@suse.cz +- keep examples and internal docs in devel package (from jnweiger) +* Mon Apr 26 2010 mszeredi@suse.cz +- update to 2.8.4 + * fix checking for symlinks in umount from /tmp + * fix umounting if /tmp is a symlink +* Tue Feb 2 2010 mszeredi@suse.cz +- update to 2.8.3 + * fix unmounting with util-linux version >= 2.17 +* Wed Jan 27 2010 mszeredi@suse.cz +- update to 2.8.2 + * fix unmount race (CVE-2009-3297) + * fix deadlock with "audit" subsystem on mount (also requires + util-linux-ng version >=2.17) +* Wed Jan 6 2010 jengelh@medozas.de +- package baselibs.conf +* Wed Dec 16 2009 kruber@zib.de +- update to 2.8.1: + * fix missing versioned symbol fuse_get_context@FUSE_2.2 +* Sun Sep 6 2009 pascal.bleser@opensuse.org +- update to 2.8.0: + * more scalable directory tree locking + * atomic open(O_TRUNC) support + * support big write requests on kernels 2.6.26 and newer + * out-of-tree fuse module removed + * better NFS exporting support + * new ioctl and poll requests + * new CUSE (Character Device in Userspace) interface + * allow umask processing in userspace + * added cache invalidation notifications + * bugfixes and small improvements +* Thu Jul 30 2009 aj@suse.de +- Fix exclude usage. +* Tue Apr 21 2009 crrodriguez@suse.de +- remove static libraries and "la" files +- spec file cleanup +- update to version 2.7.4 + * Fix missing pthread_mutex_destroy in error path of + fuse_lib_opendir(). Patch by Szabolcs Szakacsits +* Fri Apr 3 2009 coolo@suse.de +- adding baselibs.conf to build -xxbit +* Mon Dec 1 2008 ro@suse.de +- check for /.buildenv before stop_on_removal +* Mon Dec 17 2007 mszeredi@suse.de +- Update to version 2.7.2 + * Fix a symbol versioning mistake + * Fix a deadlock on termination, if umount is synchronous + * Fix umounting if /etc/mtab is a symlink +* Fri Nov 23 2007 mszeredi@suse.de +- Update to version 2.7.1 + * Add missing context initialization in fuse_fs_chmod() + * Fix a fuse_req leak in do_forget() + * Work around hotplug issue + * Reset args->argc in fuse_opt_free_args() +* Sun Sep 2 2007 aj@suse.de +- Fix building. +- Rename rpmlintrc to fuse.rpmlintrc and add it as source. +* Fri Aug 31 2007 mszeredi@suse.de +- fix location of COPYING files (#306681) +* Fri Aug 10 2007 bk@suse.de +- branch off libfuse2 to avoid having to start fuse on boot (#285101) +- Add "Supplements: filesystem(fuse)" in case someone looks for fuse +- libulockmgr and ulockmgr_server are separate from fuse (#285101) +* Fri Jul 13 2007 mszeredi@suse.de +- conditionally add udev rule if building with 10.2 or earlier +* Thu Jul 5 2007 bk@suse.de +- update to new major release 2.7.0: + * Support for stacking filesystem modules + * New module for converting filename character sets + * "setuid=USER" allows to do "su - USER" for the filesystem + * fs subtype has been added to libfuse and the mount commands + * Several problems have been addressed, e.g. mount.fuse is rewritten + the multithreaded loop uses a semaphore instead of signals, + improved locking and O_APPEND is fixed in direct IO mode +* Tue Jul 3 2007 bk@suse.de +- move libs and programs to /lib and /bin, recommended for ntfs-3g +* Mon Jun 18 2007 dmueller@suse.de +- fix boot.fuse to start after boot.localfs +* Fri May 4 2007 mszeredi@suse.de +- fix build error +* Wed May 2 2007 mszeredi@suse.de +- updated to version 2.6.5 + * mount.fuse script fixes + * fix exiting on umount for filesystems which block SIGHUP +- udev rule for fuse device is now in udev package +- don't remove fuse module in the init-script +- use 'fusectl' as the filesystem source +* Fri Feb 9 2007 ro@suse.de +- change fillup_and_insserv to insserv_force_if_yast in post-script + (there is no sysconfig file involved here) +* Wed Feb 7 2007 mszeredi@suse.cz +- added init script which loads the fuse module and mounts the control + filesystem (#223663) +* Mon Feb 5 2007 mszeredi@suse.cz +- updated to version 2.6.3: + * fix regression causing an abort during heavy filesystem use + * update author's email +* Tue Jan 30 2007 tiwai@suse.de +- updated to version 2.6.2: + * fix 64bit compile problems + * fix fuse_teardown problem + * fix unaligned access in file descriptor in libfuse + * fix detection of fuseblk + * fix use after free in fuse_flush + * fix compatible API for opts == NULL +* Thu Jan 18 2007 tiwai@suse.de +- fix compat API (#233870) +* Tue Dec 19 2006 tiwai@suse.de +- updated to version 2.6.1: + * improved fusermout help texts + * fix automake problems +* Sun Oct 22 2006 cthiel@suse.de +- update to version 2.6.0 + * Improved read characteristics (asynchronous reads) + * Support for aborting filesystem connection + * POSIX file locking support + * Request interruption support + * Building module for Linux kernels earlier than 2.6.9 not supported + * Allow block device based filesystems to support swap files + * Several bugs fixed, including a rare system hang on SMP +* Mon Aug 21 2006 cthiel@suse.de +- fix requirements of -devel package, to require fuse by version (#200496) +* Tue Aug 8 2006 tiwai@suse.de +- fixed a syntax error in udev rules. +* Mon Jul 3 2006 cthiel@suse.de +- fix build +* Mon May 15 2006 tiwai@suse.de +- updated to version 2.5.3. + * Add missing rwlock initialization + * Fix negative entry handling. + * Fix race between RELEASE and UNLINK, which might leave + .fuse_hidden* files around + * libfuse: fix use-after-free bug in interruptred reply_entry(). +* Fri Feb 3 2006 cthiel@suse.de +- update to version 2.5.2 + * lib: if "fsname=" option was given, pass it to fusermount + * fuse_opt: fix memory leak in handling "--" option + * fuse_opt.h: fix incompatibility with C++ compilers by renaming + 'template' structure member to 'templ' + * fuse.h: fix compatibility bugs. +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Sat Jan 14 2006 cthiel@suse.de +- update to version 2.5.0 +* Wed Nov 23 2005 cthiel@suse.de +- update to version 2.4.2 +- changed permission of /usr/bin/fusermount to 4755 +* Fri Oct 28 2005 cthiel@suse.de +- readded -fno-strict-aliasing +* Fri Oct 28 2005 cthiel@suse.de +- update to version 2.4.1 +* Fri Sep 30 2005 tiwai@suse.de +- fixed CFLAGS to pass RPM_OPT_FLAGS. +- added -fno-strict-aliasing. +* Wed Jun 8 2005 tiwai@suse.de +- updated to version 2.3.0. +* Tue Feb 3 2004 adrian@suse.de +- initial package of version 1.1-pre2 diff --git a/fuse.conf b/fuse.conf new file mode 100644 index 0000000..c8d907e --- /dev/null +++ b/fuse.conf @@ -0,0 +1,18 @@ +# The file /etc/fuse.conf allows for the following parameters: +# +# user_allow_other - Using the allow_other mount option works fine as root, in +# order to have it work as user you need user_allow_other in /etc/fuse.conf as +# well. (This option allows users to use the allow_other option.) You need +# allow_other if you want users other than the owner to access a mounted fuse. +# This option must appear on a line by itself. There is no value, just the +# presence of the option. + +#user_allow_other + + +# mount_max = n - this option sets the maximum number of mounts. +# Currently (2014) it must be typed exactly as shown +# (with a single space before and after the equals sign). + +#mount_max = 1000 + diff --git a/fuse.keyring b/fuse.keyring new file mode 100644 index 0000000..f70db15 --- /dev/null +++ b/fuse.keyring @@ -0,0 +1,77 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: SKS 1.1.5+ +Comment: Hostname: keys2.kfwebs.net + +mQINBFMiefoBEADYa1ZUqR/3YDqaf2UGpd9kNfKAY3TAR+xTcTYBKWTkJEy4cX2bccSEOf7E +f1w0va+WgBwDUAllf+x21UFOWnPnqwb8LJxyg8dN3CRNWf9Z2vRXNOkvnAd0hYnA6xsbSLDQ +V0wpJOTH1zyZejMMWLpZh5SKRxaJAtpsfZ32qppzJhn4jJb0v2fC+wJVkUy4mLe6yaHCrrHw +lwldyzlwPBNwFfk31mVFYO+COSTGq+RXU2kCdujfw648IBYltdWI3D1vTilJd0gt2EDmOqQi +zfFJLlBTdLieJdrXzL4WWuzvJpC1YadkmqMqnVkpcDxbxw0bK7G0faLigwWkshggaSns0vnp +D05jQyMJUYdLwB9lh6u0B9APcCxmPLhgHDdgdlZ+1JHMdfY0gIMSIAP2zkQu4iaTv5Tuc5a0 +3dXE7G6GwZ+A5YsrovQCot2FY653A0swmAsaCy3A2OcVFXXgmZGLYh/06XA/+WhMSLVIaQ6e +YTFgG9k8iopU6zw5p2vav1rOuirymLe3b/VNZhk6nOpewwLp+5c2Ylmj6zEHegFQ9pbmlFF/ +kubk9wGuS941G0/iLPyf3ePPhQ6hMY9L+7moW+Zlbqqg2XXa9S8C2rMwELDegpawYJyMIt25 +xAb94BGMkU/SxclzZ62ktGkYrA0ekiHkB6zzt8uhHrGDxWEucQARAQABtCFOaWtvbGF1cyBS +YXRoIDxOaWtvbGF1c0ByYXRoLm9yZz6IagQQEQoAKgUCUyJ7rCMaaHR0cDovL3d3dy5yYXRo +Lm9yZy9ncGdwb2xpY3kuaHRtbAAKCRCprbf4rk5CXNS7AJ9/Fdr8AzeAPKRoGN/ilFSb64kV +ggCeNE3F2CrZisHyjAlJ2sW/5iRS1MeJAUAEEAEKACoFAlMie5IjGmh0dHA6Ly93d3cucmF0 +aC5vcmcvZ3BncG9saWN5Lmh0bWwACgkQttywLM0aUrlgiQf/fskwiyKtKS2ikqsiw6rqo9RP +3A6AGJ3LQivpekV3elKxeu22L99yjkCEKHtggMmVd+Q9z9Pmvmx1d4EcVRtj7N86CcrQnPFb +vUaiZ22gCDS61BCbnItzeo3nkOhbJtCU2AXHwBCx2c1uGNzR5qJoymXo92FIp7JxKJ3hHZDW +E2XnX41bNwzZtycfZuk5VB29MIiEIIGbR/Y8rq7KwWQdyQ8y5i6Jnq5hPqRVpvMagcA9ycOI +Nkf6FqK0RHOjpxXgTHPjQudrlrhbbSOW5AQdsVGo+kJU/S+eYjPO1QLOAcVX1xDHmBIYUwY3 +wxIVUXUwiGScNuKHATAwm8SFZuzTqIkCHAQQAQgABgUCVNw4rgAKCRAekxDZrc5gZUqFD/44 +Ze4ow4ehRZ9P359WNwRKkOMmG/tMCq5boe6Sx+eon3dO8zlR6WZfRdlqbYWD4lUAN1H1zKbX +/EmBcHiT01d4MAk3E3JqsmVKnhoEAj1D9/UryQlsLPuGgtbocoCxo2yg3dgTsbUiuOhYeRtp ++zqdck55Y9awU1xi5MLHOryNyAtWqncxMSDF6e4R17+RNUZqDykJQhjTAm2V+OQiWZ3ro15T +0rYpy+2de5zCgZKKE3rZyaLYNjOaF3jRGvZfTRFyhsIyHxksoDfICUHayeTpHeLR6oczai14 +Eg6HG9TDDfNNEKOWNU6m1O9kSJ8Q+Ow+khVchSF6UY0gPl6o7SFukoybhm9A6WpRnGhgACUd +X84jzMNydrf7yp9AqUWohmOth2GSc+owDoQCjuIFEjLJr0Ic+YFP0WD8ZMIrXhtG+muv0mE4 +qqo0JJgC9rdZk9vt6SSzuA6Wg/Hb7lbkcNOwGysb2xnL5Czjqpl0LPfXGngYgQVLQ9Gf3x/E +v4BIgnmzTxfCkTjRw2omL4mtCQJsajGLmwPNjX0SBKw57h8L6olljgrzzKZf6hV2EGsTvfp9 +l1WJlLGD24WVUNnC0y4XlRO/zym1mCq8aLcnr+63BIsZZPvUToun7PvgIyxjtf3Y9FLKlh7I +xzZzcWZT+GJg0eLd2JMUrSE07jSn8Ot7N4kCHAQQAQgABgUCVN/l8gAKCRAWf9Q0wEOjE1iV +EADAQPNGvhvvVMONiYZ3hIfv2Te7yOIWduPtvzykXovK+pzwwFdGs0BqreVMo7dnONecj53s +vvRwHU1XD/oMDDYVXfy5mfmM4ffIID77tA37bVblMApkwFWm573oaTFJhHH6VkI9Kb1/ST4w +l9T8QdJrMkrdkr/2ypl6AHOFuI1A+VuAAKooZ34outAdzZgFBZEobBgHcZEwatarNLP+bl6b +1U8rYFUeKra9pFEcIIOEfa+OVumtPyh6bue2CBrhgCh1EhiF9sD8PxxGzx9ZH2wsgUfXwKVm +oE/bDsuWP7HJkpRFWRHeDgqohVCwUXqFaqwq4up6dWm0Js/wbZp87kzFaMjzTp98Nr3akNRO +636MXxNip6JHNNxGuI5TAbXGXG3Foh5b57bOfS3zc/g4328/6ehA+DDct+aBlrhEfSYGdZ3S +s28IRcsxY9Xpx1ouKXY3g51pJYzTTrLCQ28YVV3ImvzA6Pi6vaSrIoCtHfNqONloGo3QF/1z +leAGFGz0AmVCckTDk/QvxYG842LjMjtkXhsZpLUUmEE11ore6ZaFqDcWba/Ob81/Cp9yibp8 +WNyO2kj5vs6peStTp0mPoPbWmX+43QAYcoIeVcePgizDpk84+esn2XX/NbK0vE+eNXZF2oxU +sOBjoWbezD1X7+Ymz40Ry5H5OuaCwkkR0Id37IkCYQQTAQoASwUCUyJ5+iMaaHR0cDovL3d3 +dy5yYXRoLm9yZy9ncGdwb2xpY3kuaHRtbAIbAwUJEswDAAULCQgHAwUVCgkICwUWAgMBAAIe +AQIXgAAKCRDRE/ysPE5Zn+l4EADTvsHUBaIqTjakIkYy8P2mvgJ/YqeDi2bcdXFMdFxNkhTi +L/YlEoMelaUQoFUo0yKn6bMhYTtsCXohqKIb5hup1wDDjfhShxyWm9zPFrI/8O66tydnEgjr +0X45WWU6ull2YuWzabRCg/2NRSxnbYLglSnoAJCmjs1iVb35nOxj1xv3QJHsr6jETxGkLKoL +4eolcphRr0RycNr1gZT3xXtgLBNoePEpwS9RHHphHTbzXxQfQmIIHoI/FIwSSBYgzTPiRVsR +5nrCPhfhzvhGIiFwPimDfcrkMfnl9ge0QPLxD5tkect20MzIXgZu8t11URJEElS6tRikndfD +Cx/m8NkHTKkxg16ANeZxpJSi+zFTLMljqVHrA0bwwVI+VR2IcL/oPjQXIwj3HHj4q42YpE6q +B9vlFQeIM+W9ZIOqisOsCNpaijKs4BQkANREFwfaQBPcfTNoQV4oQO8OEJzhFTM2QUPFMZkg +8mD/FAIU03d3kfWZMqrMQUj4SdOrhEcsheX3coUji6b7brZIp2EF47CE8yCtPYs5U+sEaQFe +5ue/yh1k8MFrzhk+BDmelOaZBiyHAMeJzqx5pd2SisM5qrO2eo5aTPE7/lsEjzBlIy4dRfu1 +GYMU4VP3DzSHRZPXwa0TahZJY5orlfyyoip844p68djEBvO3sZOBQr7QRjAaIbkCDQRTInn6 +ARAAwL+oAUxGacCUctUxjdInq+HK/9EYV1KDOgsUV6JQfMF8nTJNXEYg8xsi7BXGtBf0JL0n +4TyVnVGBS2vaR3c4+xCvTTxEyOcgqyVeKp1Hh61wQYbnlbhANrT2dKItG/dwgZHVeDfW1ARr +gsBFF7L97OuHruipK8n9ibPruPS4szGMrBS6Fvdt1bPX258D1Y5Z2MrvQkjAOlynIKrgxMC1 +BiFNUH6ktukXmKgbpiPG8ZuZBk+60e2IkvXB5gp5dcNvJ0hd1xWpuMJeThUdwwQqA79Kf7LS +tmltqlbphGzbAMQy7DJBJpHMm55HwG6AUMDuDh9H1cLs891a5wyPgGzHFMlMUy3hJMI/LZO4 +L/oxRidFcRrPsIaXWP8Ot85no3+QguQNRiuNNDTLZv8L+ExNBDHfVbg9gdqZr0gfZQHBQIE2 +7XHfOvc7z7PMd2BtsGM/kKh3UTAZfgiZSgZSOZAOBRqb6dG2nTqxi+tTN0lhStQl9TpN39Nq +Ma9NJPjzzRU2dLdTRVX/S9R2hAWLG97sPUxBRSfCbEBeZsj8QwLhkkoypzaX39Hzq3jwm9ek +UAlJwNXwyEgLD+K2DctTyF6yeUfuKjXOu+YC86EvXvPcmu7+aVPLdHv3Flyao6b7xapZx5c0 +1FoK0bqPEHK4AopfyZ4kQyk/lxyMAbtdHFeYk30AEQEAAYkCSQQYAQoAMwUCUyJ5+iMaaHR0 +cDovL3d3dy5yYXRoLm9yZy9ncGdwb2xpY3kuaHRtbAIbDAUJEswDAAAKCRDRE/ysPE5ZnwbX +D/920l474IxY/HKcHNFwat42IMWHIAI61+CrL2ZKN7Ou13qBdMRMc9zUYrD4EifXen5WotTg +wEKKmCIDnCKcVxRpiGEocOXXW1dvUTEJA+2xJRfkEgv9jsO2Q9ftTtC1SD08/h3tiA5aF103 +ZkYnZdCCbz3WcgW01aOs1l/IxVtdT8+ZgtJUT43zOJWN5p6J8Egnb8vAD87UPNnVmyDfpW2t +GThfIrepWdve0hx1W1FrUsCVT5/suZvFMpAQaX4Tv50Sk3+g/77bwhe/OWJZyIJMsHCNlcJW ++QM3r28+mcNc5WiX1r2TdjGZBN3gWv23Vj8hhhS7w4jVWe/7pB/v67J2mZozVeUgfWR66HfX +mCS+W1OrIELKyZFDNgxxnct9vx6/wCHqX0RRqdTe7FJw0WKFvDUhuKU7B/CVSXooF39wgBx7 +iD7FVTtstPrzYte/VbPZz5nyHQppSFUHW6bFJG0NdqpfvQts7RDoWJwS4RPqXUTkCKOSQjVu +K+nl24M/awFwxdS0zDrHwd5zOsxhufqL4xRsrS5p5QfeUrcNOIYSEF75DLFxRfMHUP/icJcJ +s8LuTAFMtZqL7kbWok7wdRYmO8mez/FvNTRSo85TlUzR3Fc4xZndBJ3P9vDkvWpKPfuXpiBf +CuX9TFYSVolnnl2col5xay+f7P0XVpxLkO+fCw== +=gOOn +-----END PGP PUBLIC KEY BLOCK----- diff --git a/fuse.rpmlintrc b/fuse.rpmlintrc new file mode 100644 index 0000000..d4e599a --- /dev/null +++ b/fuse.rpmlintrc @@ -0,0 +1,15 @@ +# This line is mandatory to access the configuration functions +from Config import * + +# rpmlint message: +# Your package contains a /etc/init.d scrip") +# a start dependency that is not behind $remote_fs, while it apparently +# needs $remote_fs dependency due to files being packaged under /usr. +# +# /usr/bin/fusermount is only needed when normal users want to mount, +# otherwise everything else is outside of /usr, so it can be localfs: +# +addFilter("fuse non-remote_fs-dependency") + +# Everything moved away, so it got small but the docs are not huge: +addFilter("fuse package-with-huge-docs") diff --git a/fuse.spec b/fuse.spec new file mode 100644 index 0000000..5ac9450 --- /dev/null +++ b/fuse.spec @@ -0,0 +1,262 @@ +# +# spec file for package fuse +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +Name: fuse +Version: 2.9.7 +Release: 3.3.1 +Summary: User space File System +License: GPL-2.0+ and LGPL-2.1+ +Group: System/Filesystems +Url: https://github.com/libfuse/libfuse +Source: https://github.com/libfuse/libfuse/releases/download/fuse-%{version}/fuse-%{version}.tar.gz +Source2: fuse.rpmlintrc +Source3: baselibs.conf +Source4: fuse.conf +Source5: https://github.com/libfuse/libfuse/releases/download/fuse-%{version}/fuse-%{version}.tar.gz.asc +Source6: fuse.keyring +Patch0: fuse-install-fix.diff +Patch3: fusermount-compile-as-pie.patch +Patch4: aarch64-build-fix.patch +Patch5: fusermount-prevent-silent-truncation-of-mount-options.patch +Patch6: fusermount-dont-feed-escaped-commans-into-mount-options.patch +Patch7: fusermount-bail-out-on-transient-config-read-failure.patch +Patch8: fusermount-refuse-unknown-options.patch +Patch9: fusermount-whitelist-known-good-filesystems-for-mountpoints.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: pkgconfig +# FIXME: use proper Requires(pre/post/preun/...) +PreReq: permissions +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} > 1320 +Requires(pre): group(trusted) +%endif +%if 0%{?suse_version} > 1130 +Requires: util-linux >= 2.18 +%else +Requires: util-linux(fake+no-canonicalize) +%endif +%if 0%{?suse_version} >= 1000 +Supplements: filesystem(fuse) +%endif + +%description +With FUSE, a user space program can export a file system through the +kernel-default (Linux kernel). + +User space file systems which are implemented using FUSE are provided +by the following packages: + +- curlftpfs (mount FTP servers), + +- encfs (layered file encryption), + +- fuseiso (mount iso, img, bin, mdf and nrg CD-ROM images), + +- fusepod (mount iPods), + +- fusesmb (mount a fully browseable network neighborhood), + +- gphotofs (mount gphoto-supported cameras), + +- ntfs-3g (mount NTFS volumes read-write), + +- obexfs (mount of bluetooth devices), + +- sshfs (mount over ssh), + +- wdfs (mount of WebDAV shares) + +This package contains the mount binaries for fuse (might not be needed +by some FUSE filesystems like ntfs-3g) and the documentation for FUSE. + +After installing fuse-devel, administrators can compile and install +other user space file systems which can be found at +http://fuse.sourceforge.net/wiki + +%package -n libulockmgr1 +Summary: Library of FUSE, the User space File System for GNU/Linux and BSD +Group: System/Filesystems + +%description -n libulockmgr1 +With FUSE, a user space program can export a file system through the +kernel-default (Linux kernel). + +%package -n libfuse2 +Summary: Library of FUSE, the User space File System for GNU/Linux and BSD +Group: System/Filesystems + +%description -n libfuse2 +With FUSE, a user space program can export a file system through the +kernel-default (Linux kernel). + +A FUSE file system which only needs libfuse2 is ntfs-3g, other FUSE +file systems might need the fuse package in addition to have fusermount +and /sbin/mount.fuse. + +After installing fuse-devel, administrators can compile and install +other user space file systems which can be found at +http://fuse.sourceforge.net/wiki + +%package doc +Summary: Document package for FUSE (userspace filesystem) +Group: Development/Languages/C and C++ + +%description doc +This package contains the documentation for FUSE (userspace filesystem). + +%package devel +Summary: Development package for FUSE (userspace filesystem) modules +Group: Development/Languages/C and C++ +Requires: fuse = %{version} +Requires: fuse-doc = %{version} +Requires: glibc-devel +Requires: libfuse2 = %{version} +Requires: libulockmgr1 = %{version} + +%description devel +This package contains all include files, libraries and configuration +files needed to develop programs that use the fuse (FUSE) library to +implement kernel-default (Linux) file systems in user space. + +With fuse-devel, administrators can compile and install other user +space file systems which can be found at +http://fuse.sourceforge.net/wiki + +%package devel-static +Summary: Development package for FUSE (userspace filesystem) modules +Group: Development/Languages/C and C++ +Requires: fuse-devel = %{version} +Provides: fuse-devel:%{_libdir}/libfuse.a + +%description devel-static +This package contains all include files, libraries and configuration +files needed to develop programs that use the fuse (FUSE) library to +implement kernel-default (Linux) file systems in user space. + +With fuse-devel, administrators can compile and install other user +space file systems which can be found at +http://fuse.sourceforge.net/wiki + +%prep +%setup -q +%patch0 -p1 +%patch3 -p1 +%patch4 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 + +%build +export CFLAGS="%{optflags} -g -fno-strict-aliasing" +export MOUNT_FUSE_PATH=%{_sbindir} +autoreconf -fi +%configure --with-pic \ + --with-pkgconfigdir=%{_libdir}/pkgconfig \ + --enable-lib \ + --enable-util \ + --enable-example +make %{?_smp_mflags} + +%install +make DESTDIR=%{buildroot} install %{?_smp_mflags} +rm -rf %{buildroot}/%{_sysconfdir}/init.d +install -m644 -D %{SOURCE4} %{buildroot}/%{_sysconfdir}/fuse.conf +# Needed for OpenSUSE buildservice +%if 0%{?suse_version} <= 1020 +install -m644 -D util/udev.rules %{buildroot}/%{_sysconfdir}/udev/rules.d/99-fuse.rules +%endif +find %{buildroot} -type f -name "*.la" -delete -print +# not needed for fuse, might reappar in separate package: +rm -f %{buildroot}/%{_libdir}/libulockmgr.a +#UsrMerge +mkdir %{buildroot}/sbin +mkdir %{buildroot}/%{_lib} +ln -s -v %{_sbindir}/mount.fuse %{buildroot}/sbin +pushd %{buildroot}/%{_libdir} +for libname in $(ls *.so.*);do +ln -s -v /%{_libdir}/$libname %{buildroot}/%{_lib} +done +popd +#EndUsrMerge + +(cd example && make clean) +rm -rf example/.deps example/Makefile.am example/Makefile.in +rm -rf doc/Makefile.am doc/Makefile.in doc/Makefile + +%post +%if 0%{?suse_version} >= 1140 +%set_permissions %{_bindir}/fusermount +%else +%run_permissions +%endif + +%verifyscript +%verify_permissions -e %{_bindir}/fusermount + +%post -n libfuse2 -p /sbin/ldconfig + +%postun -n libfuse2 -p /sbin/ldconfig + +%post -n libulockmgr1 -p /sbin/ldconfig + +%postun -n libulockmgr1 -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%doc AUTHORS ChangeLog NEWS README* COPYING* +%if 0%{?suse_version} <= 1020 +%dir %{_sysconfdir}/udev +%dir %{_sysconfdir}/udev/rules.d +%{_sysconfdir}/udev/rules.d/99-fuse.rules +%endif +%verify(not mode) %attr(4750,root,trusted) %{_bindir}/fusermount +#UsrMerge +/sbin/mount.fuse +#EndUsrMerge +%{_sbindir}/mount.fuse +%config %{_sysconfdir}/fuse.conf +%{_bindir}/ulockmgr_server +%{_mandir}/man1/fusermount.1.* +%{_mandir}/man1/ulockmgr_server.1.* +%{_mandir}/man8/mount.fuse.8.* + +%files -n libfuse2 +%defattr(-,root,root) +#UsrMerge +/%{_lib}/libfuse.so.2* +#EndUsrMerge +%{_libdir}/libfuse.so.2* + +%files -n libulockmgr1 +%defattr(-,root,root) +#UsrMerge +/%{_lib}/libulockmgr.so.* +#EndUsrMerge +%{_libdir}/libulockmgr.so.* + +%files doc +%defattr(-,root,root) +%doc example doc + +%files devel +%defattr(-,root,root) +%{_libdir}/libfuse.so +%{_libdir}/libulockmgr.so +%{_includedir}/fuse.h +%{_includedir}/fuse +%{_libdir}/pkgconfig/*.pc +%{_includedir}/ulockmgr.h + +%files devel-static +%defattr(-,root,root) +%{_libdir}/libfuse.a + +%changelog diff --git a/fusermount-bail-out-on-transient-config-read-failure.patch b/fusermount-bail-out-on-transient-config-read-failure.patch new file mode 100644 index 0000000..85a26eb --- /dev/null +++ b/fusermount-bail-out-on-transient-config-read-failure.patch @@ -0,0 +1,42 @@ +From cc315f5aa7fae04e16dda419859b2995992977cd Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Fri, 13 Jul 2018 15:50:50 -0700 +Subject: [PATCH] fusermount: bail out on transient config read failure + +If an attacker wishes to use the default configuration instead of the +system's actual configuration, they can attempt to trigger a failure in +read_conf(). This only permits increasing mount_max if it is lower than the +default, so it's not particularly interesting. Still, this should probably +be prevented robustly; bail out if funny stuff happens when we're trying to +read the config. + +Note that the classic attack trick of opening so many files that the +system-wide limit is reached won't work here - because fusermount only +drops the fsuid, not the euid, the process is running with euid=0 and +CAP_SYS_ADMIN, so it bypasses the number-of-globally-open-files check in +get_empty_filp() (unless you're inside a user namespace). + +diff --git a/util/fusermount.c b/util/fusermount.c +index 143bd4a..4e0f51a 100644 +--- a/util/fusermount.c ++++ b/util/fusermount.c +@@ -565,10 +565,19 @@ static void read_conf(void) + fprintf(stderr, "%s: reading %s: missing newline at end of file\n", progname, FUSE_CONF); + + } ++ if (ferror(fp)) { ++ fprintf(stderr, "%s: reading %s: read failed\n", progname, FUSE_CONF); ++ exit(1); ++ } + fclose(fp); + } else if (errno != ENOENT) { ++ bool fatal = (errno != EACCES && errno != ELOOP && ++ errno != ENAMETOOLONG && errno != ENOTDIR && ++ errno != EOVERFLOW); + fprintf(stderr, "%s: failed to open %s: %s\n", + progname, FUSE_CONF, strerror(errno)); ++ if (fatal) ++ exit(1); + } + } + diff --git a/fusermount-compile-as-pie.patch b/fusermount-compile-as-pie.patch new file mode 100644 index 0000000..0f7288e --- /dev/null +++ b/fusermount-compile-as-pie.patch @@ -0,0 +1,13 @@ +Index: fuse-2.9.0/util/Makefile.am +=================================================================== +--- fuse-2.9.0.orig/util/Makefile.am 2012-07-02 09:27:27.057828998 +0200 ++++ fuse-2.9.0/util/Makefile.am 2012-07-02 09:28:25.920068349 +0200 +@@ -10,6 +10,8 @@ noinst_PROGRAMS = mount.fuse + # copying it over. + fusermount_SOURCES = fusermount.c mount_util.c + fusermount_CPPFLAGS = -I$(top_srcdir)/lib ++fusermount_CFLAGS = -fPIE $(AM_CFLAGS) ++fusermount_LDFLAGS = -pie $(AM_LDFLAGS) + BUILT_SOURCES = mount_util.c + mount_util.c: $(top_srcdir)/lib/mount_util.c + @cp $(top_srcdir)/lib/mount_util.c . diff --git a/fusermount-dont-feed-escaped-commans-into-mount-options.patch b/fusermount-dont-feed-escaped-commans-into-mount-options.patch new file mode 100644 index 0000000..3814ac5 --- /dev/null +++ b/fusermount-dont-feed-escaped-commans-into-mount-options.patch @@ -0,0 +1,41 @@ +From 28bdae3d113ef479c1660a581ef720cdc33bf466 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Fri, 13 Jul 2018 15:15:36 -0700 +Subject: [PATCH] fusermount: don't feed "escaped commas" into mount options + +The old code permits the following behavior: + +$ _FUSE_COMMFD=10000 priv_strace -etrace=mount -s200 fusermount -o 'foobar=\,allow_other' mount +mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "foobar=\\,allow_other,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EINVAL (Invalid argument) + +However, backslashes do not have any special meaning for the kernel here. + +As it happens, you can't abuse this because there is no FUSE mount option +that takes a string value that can contain backslashes; but this is very +brittle. Don't interpret "escape characters" in places where they don't +work. + +diff --git a/util/fusermount.c b/util/fusermount.c +index 0e1d34d..143bd4a 100644 +--- a/util/fusermount.c ++++ b/util/fusermount.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + + #define FUSE_COMMFD_ENV "_FUSE_COMMFD" + +@@ -754,8 +755,10 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode, + unsigned len; + const char *fsname_str = "fsname="; + const char *subtype_str = "subtype="; ++ bool escape_ok = begins_with(s, fsname_str) || ++ begins_with(s, subtype_str); + for (len = 0; s[len]; len++) { +- if (s[len] == '\\' && s[len + 1]) ++ if (escape_ok && s[len] == '\\' && s[len + 1]) + len++; + else if (s[len] == ',') + break; diff --git a/fusermount-prevent-silent-truncation-of-mount-options.patch b/fusermount-prevent-silent-truncation-of-mount-options.patch new file mode 100644 index 0000000..7aba5eb --- /dev/null +++ b/fusermount-prevent-silent-truncation-of-mount-options.patch @@ -0,0 +1,96 @@ +From 34c62ee90c69b07998629f6b5a06ab0120be681c Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Fri, 13 Jul 2018 14:51:17 -0700 +Subject: [PATCH] fusermount: prevent silent truncation of mount options + +Currently, in the kernel, copy_mount_options() copies in one page of +userspace memory (or less if some of that memory area is not mapped). +do_mount() then writes a null byte to the last byte of the copied page. +This means that mount option strings longer than PAGE_SIZE-1 bytes get +truncated silently. + +Therefore, this can happen: + +user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4000')" mount +sending file descriptor: Bad file descriptor +user@d9-ut:~$ grep /mount /proc/mounts +/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0 +user@d9-ut:~$ fusermount -u mount +user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4050')" mount +sending file descriptor: Bad file descriptor +user@d9-ut:~$ grep /mount /proc/mounts +/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0 +user@d9-ut:~$ fusermount -u mount +user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4051')" mount +sending file descriptor: Bad file descriptor +user@d9-ut:~$ grep /mount /proc/mounts +/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=10 0 0 +user@d9-ut:~$ fusermount -u mount +user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4052')" mount +sending file descriptor: Bad file descriptor +user@d9-ut:~$ grep /mount /proc/mounts +/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1 0 0 +user@d9-ut:~$ fusermount -u mount + +I'm not aware of any context in which this is actually exploitable - you'd +still need the UIDs to fit, and you can't do it if the three GIDs of the +process don't match (in the case of a typical setgid binary), but it does +look like something that should be fixed. + +I also plan to try to get this fixed on the kernel side. + +--- + util/fusermount.c | 23 ++++++++++++++++++++--- + 1 file changed, 20 insertions(+), 3 deletions(-) + +--- a/util/fusermount.c ++++ b/util/fusermount.c +@@ -712,6 +712,23 @@ static int get_string_opt(const char *s, + return 1; + } + ++/* The kernel silently truncates the "data" argument to PAGE_SIZE-1 characters. ++ * This can be dangerous if it e.g. truncates the option "group_id=1000" to ++ * "group_id=1". ++ * This wrapper detects this case and bails out with an error. ++ */ ++static int mount_notrunc(const char *source, const char *target, ++ const char *filesystemtype, unsigned long mountflags, ++ const char *data) { ++ if (strlen(data) > sysconf(_SC_PAGESIZE) - 1) { ++ fprintf(stderr, "%s: mount options too long\n", progname); ++ errno = EINVAL; ++ return -1; ++ } ++ return mount(source, target, filesystemtype, mountflags, data); ++} ++ ++ + static int do_mount(const char *mnt, char **typep, mode_t rootmode, + int fd, const char *opts, const char *dev, char **sourcep, + char **mnt_optsp, off_t rootsize) +@@ -836,7 +853,7 @@ static int do_mount(const char *mnt, cha + else + strcpy(source, subtype ? subtype : dev); + +- res = mount(source, mnt, type, flags, optbuf); ++ res = mount_notrunc(source, mnt, type, flags, optbuf); + if (res == -1 && errno == ENODEV && subtype) { + /* Probably missing subtype support */ + strcpy(type, blkdev ? "fuseblk" : "fuse"); +@@ -847,13 +864,13 @@ static int do_mount(const char *mnt, cha + strcpy(source, type); + } + +- res = mount(source, mnt, type, flags, optbuf); ++ res = mount_notrunc(source, mnt, type, flags, optbuf); + } + if (res == -1 && errno == EINVAL) { + /* It could be an old version not supporting group_id */ + sprintf(d, "fd=%i,rootmode=%o,user_id=%u", + fd, rootmode, getuid()); +- res = mount(source, mnt, type, flags, optbuf); ++ res = mount_notrunc(source, mnt, type, flags, optbuf); + } + if (res == -1) { + int errno_save = errno; diff --git a/fusermount-refuse-unknown-options.patch b/fusermount-refuse-unknown-options.patch new file mode 100644 index 0000000..8181adb --- /dev/null +++ b/fusermount-refuse-unknown-options.patch @@ -0,0 +1,37 @@ +From 5018a0c016495155ee598b7e0167b43d5d902414 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Sat, 14 Jul 2018 03:47:50 -0700 +Subject: [PATCH] fusermount: refuse unknown options + +Blacklists are notoriously fragile; especially if the kernel wishes to add +some security-critical mount option at a later date, all existing systems +with older versions of fusermount installed will suddenly have a security +problem. +Additionally, if the kernel's option parsing became a tiny bit laxer, the +blacklist could probably be bypassed. + +Whitelist known-harmless flags instead, even if it's slightly more +inconvenient. + +diff --git a/util/fusermount.c b/util/fusermount.c +index 4e0f51a..2792407 100644 +--- a/util/fusermount.c ++++ b/util/fusermount.c +@@ -819,10 +819,16 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode, + flags |= flag; + else + flags &= ~flag; +- } else { ++ } else if (opt_eq(s, len, "default_permissions") || ++ opt_eq(s, len, "allow_other") || ++ begins_with(s, "max_read=") || ++ begins_with(s, "blksize=")) { + memcpy(d, s, len); + d += len; + *d++ = ','; ++ } else { ++ fprintf(stderr, "%s: unknown option '%.*s'\n", progname, len, s); ++ exit(1); + } + } + } diff --git a/fusermount-whitelist-known-good-filesystems-for-mountpoints.patch b/fusermount-whitelist-known-good-filesystems-for-mountpoints.patch new file mode 100644 index 0000000..3c4e16c --- /dev/null +++ b/fusermount-whitelist-known-good-filesystems-for-mountpoints.patch @@ -0,0 +1,114 @@ +From 795ad5d77434f3502e63a70c8a3fda94fa347e3d Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Sat, 14 Jul 2018 13:37:41 +0200 +Subject: [PATCH] fusermount: whitelist known-good filesystems for mountpoints + +Before: + +$ _FUSE_COMMFD=1 priv_strace -s8000 -e trace=mount util/fusermount3 /proc/self/fd +mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "fd=3,rootmode=40000,user_id=379777,group_id=5001") = 0 +sending file descriptor: Socket operation on non-socket ++++ exited with 1 +++ + +After: + +$ _FUSE_COMMFD=1 priv_strace -s8000 -e trace=mount util/fusermount3 /proc/self/fd +util/fusermount3: mounting over filesystem type 0x009fa0 is forbidden ++++ exited with 1 +++ + +This patch could potentially have security +impact on some systems that are configured with allow_other; +see https://launchpad.net/bugs/1530566 for an example of how a similar +issue in the ecryptfs mount helper was exploitable. However, the FUSE +mount helper performs slightly different security checks, so that exact +attack doesn't work with fusermount; I don't know of any specific attack +you could perform using this, apart from faking the SELinux context of your +process when someone's looking at a process listing. Potential targets for +overwrite are (looking on a system with a 4.9 kernel): + +writable only for the current process: +/proc/self/{fd,map_files} +(Yes, "ls -l" claims that you don't have write access, but that's not true; +"find -writable" will show you what access you really have.) + +writable also for other owned processes: +/proc/$pid/{sched,autogroup,comm,mem,clear_refs,attr/*,oom_adj, +oom_score_adj,loginuid,coredump_filter,uid_map,gid_map,projid_map, +setgroups,timerslack_ns} + +diff --git a/util/fusermount.c b/util/fusermount.c +index 2792407..c63c50e 100644 +--- a/util/fusermount.c ++++ b/util/fusermount.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + #define FUSE_COMMFD_ENV "_FUSE_COMMFD" + +@@ -915,6 +916,8 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *mountpoint_fd) + int res; + const char *mnt = *mntp; + const char *origmnt = mnt; ++ struct statfs fs_buf; ++ size_t i; + + res = lstat(mnt, stbuf); + if (res == -1) { +@@ -987,8 +990,53 @@ static int check_perm(const char **mntp, struct stat *stbuf, int *mountpoint_fd) + return -1; + } + ++ /* Do not permit mounting over anything in procfs - it has a couple ++ * places to which we have "write access" without being supposed to be ++ * able to just put anything we want there. ++ * Luckily, without allow_other, we can't get other users to actually ++ * use any fake information we try to put there anyway. ++ * Use a whitelist to be safe. */ ++ if (statfs(*mntp, &fs_buf)) { ++ fprintf(stderr, "%s: failed to access mountpoint %s: %s\n", ++ progname, mnt, strerror(errno)); ++ return -1; ++ } + +- return 0; ++ /* Use the same list of permitted filesystems for the mount target as ++ * the ecryptfs mount helper ++ * (https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/utils/mount.ecryptfs_private.c#L225). */ ++ typeof(fs_buf.f_type) f_type_whitelist[] = { ++ 0x61756673 /* AUFS_SUPER_MAGIC */, ++ 0x9123683E /* BTRFS_SUPER_MAGIC */, ++ 0x00C36400 /* CEPH_SUPER_MAGIC */, ++ 0xFF534D42 /* CIFS_MAGIC_NUMBER */, ++ 0x0000F15F /* ECRYPTFS_SUPER_MAGIC */, ++ 0x0000EF53 /* EXT[234]_SUPER_MAGIC */, ++ 0xF2F52010 /* F2FS_SUPER_MAGIC */, ++ 0x65735546 /* FUSE_SUPER_MAGIC */, ++ 0x01161970 /* GFS2_MAGIC */, ++ 0x3153464A /* JFS_SUPER_MAGIC */, ++ 0x000072B6 /* JFFS2_SUPER_MAGIC */, ++ 0x0000564C /* NCP_SUPER_MAGIC */, ++ 0x00006969 /* NFS_SUPER_MAGIC */, ++ 0x00003434 /* NILFS_SUPER_MAGIC */, ++ 0x5346544E /* NTFS_SB_MAGIC */, ++ 0x794C7630 /* OVERLAYFS_SUPER_MAGIC */, ++ 0x52654973 /* REISERFS_SUPER_MAGIC */, ++ 0x73717368 /* SQUASHFS_MAGIC */, ++ 0x01021994 /* TMPFS_MAGIC */, ++ 0x24051905 /* UBIFS_SUPER_MAGIC */, ++ 0x58465342 /* XFS_SB_MAGIC */, ++ 0x2FC12FC1 /* ZFS_SUPER_MAGIC */, ++ }; ++ for (i = 0; i < sizeof(f_type_whitelist)/sizeof(f_type_whitelist[0]); i++) { ++ if (f_type_whitelist[i] == fs_buf.f_type) ++ return 0; ++ } ++ ++ fprintf(stderr, "%s: mounting over filesystem type %#010lx is forbidden\n", ++ progname, (unsigned long)fs_buf.f_type); ++ return -1; + } + + static int try_open(const char *dev, char **devp, int silent)