- Bug 421371: CVE-2007-5964 autofs defaults don't restrict suid in /net

[rawhide]
- use mount option "nosuid" for "-hosts" map unless "suid" is explicily
    specified.

autofs-5.0.2-hosts-nosuid-default.patch

@@ -0,0 +1,79 @@
+diff --git a/man/auto.master.5.in b/man/auto.master.5.in
+index d488960..56aaa5d 100644
+--- a/man/auto.master.5.in
++++ b/man/auto.master.5.in
+@@ -195,6 +195,9 @@ For example, with an entry in the master map of
+ .hy
+ accessing /net/myserver will mount exports from myserver on directories below
+ /net/myserver.
++.P
++NOTE: mounts done from a hosts map will be mounted with the "nosuid" option
++unless the "suid" option is explicitly given in the master map entry.
+ .SH LDAP MAPS
+ If the map type \fBldap\fP is specified the mapname is of the form
+ \fB[//servername/]dn\fP, where the optional \fBservername\fP is
+diff --git a/modules/parse_sun.c b/modules/parse_sun.c
+index 186e567..9a97329 100644
+--- a/modules/parse_sun.c
++++ b/modules/parse_sun.c
+@@ -496,6 +496,7 @@ static int sun_mount(struct autofs_point *ap, const char *root,
+ 	int rv, cur_state;
+ 	char *mountpoint;
+ 	char *what;
++	char *type;
+ 
+ 	if (*options == '\0')
+ 		options = NULL;
+@@ -585,6 +586,36 @@ static int sun_mount(struct autofs_point *ap, const char *root,
+ 	mountpoint = alloca(namelen + 1);
+ 	sprintf(mountpoint, "%.*s", namelen, name);
+ 
++	type = ap->entry->maps->type;
++	if (type && !strcmp(type, "hosts")) {
++		if (options) {
++			if (!strstr(options, "suid")) {
++				char *tmp = alloca(strlen(options) + 8);
++				if (!tmp) {
++					error(ap->logopt, MODPREFIX
++					      "alloca failed for options");
++					if (nonstrict)
++						return -1;
++					return 1;
++				}
++				strcpy(tmp, options);
++				strcat(tmp, ",nosuid");
++				options = tmp;
++			}
++		} else {
++			char *tmp = alloca(7);
++			if (!tmp) {
++				error(ap->logopt,
++				      MODPREFIX "alloca failed for options");
++				if (nonstrict)
++					return -1;
++				return 1;
++			}
++			strcpy(tmp, "nosuid");
++			options = tmp;
++		}
++	}
++
+ 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
+ 	if (!strcmp(fstype, "nfs")) {
+ 		what = alloca(loclen + 1);
+diff --git a/samples/auto.master b/samples/auto.master
+index d4796a3..4995976 100644
+--- a/samples/auto.master
++++ b/samples/auto.master
+@@ -5,6 +5,11 @@
+ # For details of the format look at autofs(5).
+ #
+ /misc	/etc/auto.misc
++#
++# NOTE: mounts done from a hosts map will be mounted with the
++#	"nosuid" option unless the "suid" option is explicitly
++#	given.
++#
+ /net	-hosts
+ #
+ # Include central master map if it can be found using

autofs.spec

@@ -4,7 +4,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.0.2
-Release: 19
+Release: 21
 Epoch: 1
 License: GPL
 Group: System Environment/Daemons
@@ -55,6 +55,7 @@ Patch41: autofs-5.0.2-large-groups.patch
 Patch42: autofs-5.0.2-report-failed-lookups.patch
 Patch43: autofs-5.0.2-dynamic-logging-non-sasl.patch
 Patch44: autofs-5.0.2-singleton-host-list.patch
+Patch45: autofs-5.0.2-hosts-nosuid-default.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf, hesiod-devel, openldap-devel, bison, flex, libxml2-devel, cyrus-sasl-devel, openssl-devel module-init-tools util-linux nfs-utils e2fsprogs
 Conflicts: kernel < 2.6.17
@@ -141,6 +142,7 @@ echo %{version}-%{release} > .version
 %patch42 -p1
 %patch43 -p1
 %patch44 -p1
+%patch45 -p1
 
 %build
 #CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir}
@@ -193,6 +195,10 @@ fi
 %{_libdir}/autofs/
 
 %changelog
+* Thu Dec 13 2007 Ian Kent <ikent@redhat.com> - 5.0.2-21
+- Bug 421371: CVE-2007-5964 autofs defaults don't restrict suid in /net [rawhide]
+  - use mount option "nosuid" for "-hosts" map unless "suid" is explicily specified.
+
 * Thu Dec  6 2007 Jeremy Katz <katzj@redhat.com> - 1:5.0.2-19
 - rebuild for new ldap