umount: block signals when umounting and updating mtab (CVE-2011-1676, CVE-2011-1677)

http://thread.gmane.org/gmane.comp.security.oss.general/4374

Based on CVE-2011-1089.

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/mount/umount.c b/mount/umount.c
index e7e1f222bb8e2c3e802fda3b521d437240e18b09..c53daa351295edcedfb72acd1f62d67b41a3e05d 100644 (file)
--- a/mount/umount.c
+++ b/mount/umount.c
@@ -291,6 +291,8 @@ umount_one (const char *spec, const char *node, const char *type,
        if (check_special_umountprog(spec, node, type, &status))
                return status;
 
+       block_signals(SIG_BLOCK);
+
        /* Skip the actual umounting for --fake */
        if (fake)
                goto writemtab;
@@ -357,6 +359,7 @@ umount_one (const char *spec, const char *node, const char *type,
                                remnt.mnt_passno = 0;
                                update_mtab(node, &remnt);
                        }
+                       block_signals(SIG_UNBLOCK);
                        return 0;
                } else if (errno != EBUSY) {    /* hmm ... */
                        perror("remount");
@@ -426,6 +429,8 @@ umount_one (const char *spec, const char *node, const char *type,
 #endif
        }
 
+       block_signals(SIG_UNBLOCK);
+
        if (res >= 0)
                return 0;
        if (umnt_err)