This is public now. I removed the attached patches; they were valid, but had a wrong attribution (the original patch was from David Zeuthen). I put links to the official upstream patches into the description.
** Description changed:

EMBARGOED until 2014-03-10
+ PUBLISHED now: http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html

Florian Weimer of the Red Hat Product Security Team found a flaw in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root). Huzaifa Sidhpurwala created a proposed patch. I don't like the changing from PATH_MAX to 4096, but it looks good otherwise. I'll handle the upstream bits, Debian and Ubuntu trusty updates and discuss the PATH_MAX issue.
+
+ Upstream fix for udisks 2: http://cgit.freedesktop.org/udisks/commit/?id=244967
+ Upstream fix for udisks 1: http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471

** Patch removed: "improved udisks2 patch"
   https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008467/+files/udisks2.patch

** Patch removed: "fixed backported patch for udisks 1"
   https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008468/+files/udisks1.patch

** Information type changed from Private Security to Public Security

--
https://bugs.launchpad.net/bugs/1288226

Title:
  buffer overflow with long path names