umount: block signals when umounting and updating mtab (CVE-2011-1676, CVE-2011-1677)

http://thread.gmane.org/gmane.comp.security.oss.general/4374

Based on CVE-2011-1089.

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/mount/umount.c b/mount/umount.c
index add6c87daae6f1e906a8003bb44b8546eac26e63..c87af6b2c8171b01ad9585ba0ea6d9f7f426cfa8 100644 (file)
--- a/mount/umount.c
+++ b/mount/umount.c
@@ -291,6 +291,8 @@ umount_one (const char *spec, const char *node, const char *type,
        if (check_special_umountprog(spec, node, type, &status))
                return status;
 
+       block_signals(SIG_BLOCK);
+
        /* Skip the actual umounting for --fake */
        if (fake)
                goto writemtab;
@@ -357,6 +359,7 @@ umount_one (const char *spec, const char *node, const char *type,
                                remnt.mnt_passno = 0;
                                update_mtab(node, &remnt);
                        }
+                       block_signals(SIG_UNBLOCK);
                        return 0;
                } else if (errno != EBUSY) {    /* hmm ... */
                        perror("remount");
@@ -426,6 +429,8 @@ umount_one (const char *spec, const char *node, const char *type,
 #endif
        }
 
+       block_signals(SIG_UNBLOCK);
+
        if (res >= 0)
                return 0;
        if (umnt_err)