The Samba-Bugzilla – Attachment 16137 Details for
Bug 14442
CVE-2020-14342: Shell command injection vulnerability in mount.cifs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
workaround golang wrapper program
mount.cifs.wrap.go (text/plain), 1.98 KB, created by
Aurélien Aptel
on 2020-07-24 14:55:13 UTC
(
hide
)
Description:
workaround golang wrapper program
Filename:
MIME Type:
Creator:
Aurélien Aptel
Created:
2020-07-24 14:55:13 UTC
Size:
1.98 KB
patch
obsolete
>package main > >import "syscall" >import "os" >import "os/exec" >import "strings" >import "fmt" > >// This program is a workaround for CVE-2020-14342 for people who >// cannot update their system > >// This Golang program can be built and just copied over a vulnerable >// system as Golang binaries have minimal to no dependencies. > >// It acts as a wrapper around the mount.cifs binary and can safely >// use the SETUID bit if necessary. > >// On normal inputs it just forwards the call to the original >// mount.cifs. On problematic inputs using shell metacharacters it >// stops and exits. > >// >// Installation >// ============ >// >// Build the wrapper program >// $ go build mount.cifs.wrap.go >// >// Move the real binary to an alternative name (make sure it matches >// the variable below) >// # mv /sbin/{,real.}mount.cifs >// >// Clear setuid bit and group/other bits >// # chmod 700 /sbin/real.mount.cifs >// >// Copy the wrapper over under the original name >// # cp mount.cifs.wrap /sbin/mount.cifs >// >// Set ownership and bits back (setuid only if necessary) >// # chown root:root /sbin/mount.cifs >// # chmod 6755 /sbin/mount.cifs > >var origMountPath = "/sbin/real.mount.cifs" >var badChars = "\\$\"`" >var checkOpts = []string{"username=", "user="} > >func isBadOpts(arg string) bool { > for _, opt := range checkOpts { > start := 0 > for start < len(arg) { > i := strings.Index(arg[start:], opt) > if i < 0 { > break > } > i += len(opt) > end := strings.Index(arg[start+i:], ",") > if end < 0 { > end = len(arg) > } > val := arg[start:end] > if strings.ContainsAny(val, badChars) { > return true > } > start = end > } > } > return false >} > >func main() { > binary, lookErr := exec.LookPath(origMountPath) > if lookErr != nil { > panic(lookErr) > } > > env := os.Environ() > args := []string{"mount.cifs"} > > for _, s := range os.Args[1:] { > if isBadOpts(s) { > fmt.Println("mount.cifs: invalid username") > os.Exit(1) > } > args = append(args, s) > } > > execErr := syscall.Exec(binary, args, env) > if execErr != nil { > panic(execErr) > } >}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 14442
: 16137 |
16138
|
16139
|
16140
|
16148
|
16149