From 11b51a46bfd3c340df251b2d20fe9d04d077a88e Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Wed, 13 Apr 2011 10:11:50 +0200
Subject: [PATCH] umount: block signals when umounting and updating mtab (CVE-2011-1676, CVE-2011-1677)

http://thread.gmane.org/gmane.comp.security.oss.general/4374

Based on CVE-2011-1089.

Signed-off-by: Karel Zak
---
 mount/umount.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mount/umount.c b/mount/umount.c
index e7e1f222bb..c53daa3512 100644
--- a/mount/umount.c
+++ b/mount/umount.c
@@ -291,6 +291,8 @@ umount_one (const char *spec, const char *node, const char *type,
 if (check_special_umountprog(spec, node, type, &status))
 return status;

+ block_signals(SIG_BLOCK);
+
 /* Skip the actual umounting for --fake */
 if (fake)
 goto writemtab;
@@ -357,6 +359,7 @@ umount_one (const char *spec, const char *node, const char *type,
 remnt.mnt_passno = 0;
 update_mtab(node, &remnt);
 }
+ block_signals(SIG_UNBLOCK);
 return 0;
 } else if (errno != EBUSY) { /* hmm ... */
 perror("remount");
@@ -426,6 +429,8 @@ umount_one (const char *spec, const char *node, const char *type,
 #endif
 }

+ block_signals(SIG_UNBLOCK);
+
 if (res >= 0)
 return 0;
 if (umnt_err)
-- 
2.47.3
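Review bot: The `block_signals(SIG_BLOCK)` added in the hunk at line 291 is paired by hand with only two `block_signals(SIG_UNBLOCK)` calls, the remount `return 0` in the hunk at line 357 and the common tail in the hunk at line 426, so any other `return` between them would leave the signal mask in place for the rest of the process. The body of umount_one between these hunks is not visible here, so this needs checking against the full function. Routing every exit after the block through a single label that unblocks would keep the pairing from breaking when a new early return is added. The call also deserves a why-comment, for example `/* keep signals from interrupting umount(2) and the mtab update half-way */`.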
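Review bot: In the hunk at line 357, `update_mtab(node, &remnt);` is followed directly by `block_signals(SIG_UNBLOCK); return 0;`, so nothing visible tells the caller whether the mtab write actually succeeded. With signals masked, a failed or truncated write would presumably surface only as an error result from the I/O calls rather than as a signal, so the fix depends on update_mtab checking those results and cleaning up its temporary and lock files itself. update_mtab and block_signals are defined outside this patch, so it is worth confirming that update_mtab does this and that block_signals masks every signal relevant to the two CVEs named in the subject.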