meta-openembedded/meta-filesystems
Jagadeesh Krishnanjanappa 0fec2df040 fuse: CVE-2018-10906
* CVE-2018-10906-1:

fusermount: don't feed "escaped commas" into mount options

The old code permits the following behavior:

$ _FUSE_COMMFD=10000 priv_strace -etrace=mount -s200 fusermount -o 'foobar=\,allow_other' mount
mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "foobar=\\,allow_other,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EINVAL (Invalid argument)

However, backslashes do not have any special meaning for the kernel here.

As it happens, you can't abuse this because there is no FUSE mount option
that takes a string value that can contain backslashes; but this is very
brittle. Don't interpret "escape characters" in places where they don't
work.

* CVE-2018-10906-2:

fusermount: refuse unknown options

Blacklists are notoriously fragile; especially if the kernel wishes to add
some security-critical mount option at a later date, all existing systems
with older versions of fusermount installed will suddenly have a security
problem.
Additionally, if the kernel's option parsing became a tiny bit laxer, the
blacklist could probably be bypassed.

Whitelist known-harmless flags instead, even if it's slightly more
inconvenient.

Affects fuse < 2.9.8 and fuse < 3.2.5

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-09-04 07:36:55 -07:00
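The two points in the commit message above, as an added example (not code from the fuse patches or from this layer): an escape-aware splitter and the kernel's literal-comma view disagree on how many options the string contains, and an allowlist applied to the literal-comma view rejects anything unknown. The function names and the allowlist contents are constructed for illustration and are not fusermount's actual list.

```c
#include <stdio.h>
#include <string.h>
/* Constructed allowlist for this example; not fusermount's actual list. */
static const char *const FLAGS[] = { "ro", "rw", "nosuid", "nodev", "noexec", NULL };
static const char *const NUMERIC_KEYS[] = { "max_read=", "blksize=", NULL };

/* Count options; honor_backslash=1 treats "\," as data, 0 splits on every comma (kernel view). */
int count_opts(const char *opts, int honor_backslash)
{
    int n = 1;
    for (const char *p = opts; *p; p++) {
        if (honor_backslash && *p == '\\' && p[1] != '\0')
            p++;                      /* skip the "escaped" character */
        else if (*p == ',')
            n++;
    }
    return n;
}

/* One option (pointer + length): exact flag match, or known key with a digits-only value. */
static int opt_allowed(const char *s, size_t len)
{
    for (int i = 0; FLAGS[i]; i++)
        if (strlen(FLAGS[i]) == len && memcmp(s, FLAGS[i], len) == 0)
            return 1;
    for (int i = 0; NUMERIC_KEYS[i]; i++) {
        size_t k = strlen(NUMERIC_KEYS[i]);
        if (len > k && memcmp(s, NUMERIC_KEYS[i], k) == 0)
            return strspn(s + k, "0123456789") == len - k;
    }
    return 0;
}

/* 1 only if the string is non-empty and every literal-comma-separated option is allowlisted. */
int opts_acceptable(const char *opts)
{
    size_t len;
    while ((len = strcspn(opts, ",")) > 0 && opt_allowed(opts, len)) {
        if (opts[len] == '\0')
            return 1;
        opts += len + 1;              /* step past the comma; backslash is never special */
    }
    return 0;
}

int main(void)
{
    /* Option string taken from the commit message. */
    return printf("%d\n", opts_acceptable("foobar=\\,allow_other")) < 0;
}
```
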

This README file contains information on the contents of the
filesystems layer.

Please see the corresponding sections below for details.


Dependencies
============

This layer depends on:

  URI: git://git.openembedded.org/bitbake
  branch: 1.36

  URI: git://git.openembedded.org/openembedded-core
  layers: meta
  branch: rocko

  URI: git://git.openembedded.org/meta-openembedded
  layers: meta-oe
  branch: rocko

Patches
=======

Please submit any patches against the filesystems layer to the
OpenEmbedded development mailing list (openembedded-devel@lists.openembedded.org)
with '[meta-filesystems][rocko]' in the subject.

Maintainers List:
  physfs      Andreas Müller <schnitzeltony@googlemail.com>

  fuse        Koen Kooi <koen@dominion.thruhere.net>
              Philip Balister <philip@balister.org>
              hongxu jia <hongxu.jia@windriver.com>

  ifuse       Sander van Grieken <sander@outrightsolutions.nl>
              Koen Kooi <koen@dominion.thruhere.net>

  sshfs-fuse  Philip Balister <philip@balister.org>
              Koen Kooi <koen@dominion.thruhere.net>

  owfs        Otavio Salvador <otavio@ossystems.com.br>
              Koen Kooi <koen@dominion.thruhere.net>
              hongxu jia <hongxu.jia@windriver.com>

  ntfs-3g-ntfsprogs  Otavio Salvador <otavio@ossystems.com.br>
                     hongxu jia <hongxu.jia@windriver.com>

  cramfs      Koen Kooi <koen@dominion.thruhere.net>

  smbnetfs    Sander van Grieken <sander@outrightsolutions.nl>
              Koen Kooi <koen@dominion.thruhere.net>

  fuse-exfat  hongxu jia <hongxu.jia@windriver.com>

  exfat-utils hongxu jia <hongxu.jia@windriver.com>

  f2fs-tools  Martin Jansa <Martin.Jansa@gmail.com>
              Koen Kooi <koen@dominion.thruhere.net>

  xfsprogs    Koen Kooi <koen@dominion.thruhere.net>
              hongxu jia <hongxu.jia@windriver.com>

When sending single patches, please use something like:

   git send-email -1 -M \
        --to openembedded-devel@lists.openembedded.org \
        --subject-prefix=meta-filesystems][rocko][PATCH

rocko Branch Maintainer:
Armin Kuster <akuster808@gmail.com>

Table of Contents
=================

  I. Adding the filesystems layer to your build
 II. Misc


I. Adding the filesystems layer to your build
=============================================

In order to use this layer, you need to make the build system aware of
it.

Assuming the filesystems layer exists at the top-level of your
yocto build tree, you can add it to the build system by adding the
location of the filesystems layer to bblayers.conf, along with any
other layers needed. e.g.:

  BBLAYERS ?= " \
    /path/to/yocto/meta \
    /path/to/yocto/meta-oe \
    /path/to/yocto/meta-filesystems \
    "


II. Misc
========

  --- physfs ---
  A library to provide abstract access to various archives

  --- fuse ---
  Filesystem in Userspace (FUSE) is a simple interface for userspace programs
  to export a virtual filesystem to the Linux kernel.

  --- ifuse ---
  A fuse filesystem to access the contents of an iPhone or iPod Touch

  --- sshfs-fuse ---
  A filesystem client based on the SSH File Transfer Protocol

  --- owfs ---
  An easy way to use the 1-Wire file system

  --- ntfs-3g-ntfsprogs ---
  ntfs-3g is a freely available read/write NTFS driver for Linux, and
  ntfsprogs includes utilities for performing all required tasks on NTFS partitions.

  --- cramfs ---
  Builds cramfs filesystems for embedded systems

  --- smbnetfs ---
  SMBNetFS is a Linux/FreeBSD filesystem that allows you to use a Samba/Microsoft
  network in the same manner as the Network Neighborhood in Microsoft Windows.

  --- fuse-exfat ---
  A read and write exFAT driver for FUSE

  --- exfat-utils ---
  Utilities to create, check, label and dump exFAT filesystems

  --- f2fs-tools ---
  Tools needed for creating and managing f2fs partitions

  --- xfsprogs ---
  It provides XFS filesystem utilities.