From 2118ed49dcf6adf60c6c544667dbf71c54239b86 Mon Sep 17 00:00:00 2001 From: Thomas Blume Date: Fri, 16 May 2025 14:27:10 +0200 Subject: [PATCH] Don't allow suid and dev set on fs resize Fixes: CVE-2025-6019 --- src/plugins/fs/generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c index ca08d19a..15b55271 100644 --- a/src/plugins/fs/generic.c +++ b/src/plugins/fs/generic.c @@ -409,7 +409,7 @@ static gboolean xfs_resize_device (const gchar *device, guint64 new_size, const "before resizing it.", device); return FALSE; } - ret = bd_fs_mount (device, mountpoint, "xfs", NULL, NULL, error); + ret = bd_fs_mount (device, mountpoint, "xfs", "nosuid,nodev", NULL, error); if (!ret) { g_prefix_error (error, "Failed to mount '%s' before resizing it: ", device); return FALSE; -- 2.49.0