hal/tools hal-system-storage-eject, 1.3,
1.4 hal-system-storage-mount, 1.10,
1.11 hal-system-storage-unmount, 1.3, 1.4
Kay Sievers
kay at freedesktop.org
Wed Jan 11 09:00:23 PST 2006
Update of /cvs/hal/hal/tools
In directory gabe:/tmp/cvs-serv19326/tools
Modified Files:
hal-system-storage-eject hal-system-storage-mount
hal-system-storage-unmount
Log Message:
2006-01-11 Kay Sievers <kay.sievers at vrfy.org>
Don't trust any user input, replace all suspicious chars with '_'.
* fdi/policy/10osvendor/20-storage-methods.fdi: add
volume.unmount.valid_options
* tools/hal-system-storage-eject:
* tools/hal-system-storage-mount:
* tools/hal-system-storage-unmount: allow "lazy" to be passed
Index: hal-system-storage-eject
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-eject,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- hal-system-storage-eject 8 Jan 2006 22:27:03 -0000 1.3
+++ hal-system-storage-eject 11 Jan 2006 17:00:21 -0000 1.4
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# Copyright (C) 2005, Kay Sievers <kay.sievers at vrfy.org>
# Copyright (C) 2006, David Zeuthen <david at fubar.dk>
@@ -13,6 +13,14 @@
exit 1
fi
+# read parameters
+# "<option1>\t<option2>\n"
+# Only allow ^a-zA-Z0-9_= in the string because otherwise someone may
+# pass e.g. umask=0600,suid,dev or umask=`/bin/evil`
+
+read GIVEN_EJECTOPTIONS
+GIVEN_EJECTOPTIONS=${GIVEN_EJECTOPTIONS//[^a-zA-Z0-9_=[:space:]]/_}
+
RESULT=$(eject "$HAL_PROP_BLOCK_DEVICE" 2>&1)
if [ $? -ne 0 ]; then
case "$RESULT" in
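Review bot: The added `read GIVEN_EJECTOPTIONS` runs without `-r`, so a backslash at the end of the input line makes the shell treat the next line as a continuation before the character filter is applied; `read -r GIVEN_EJECTOPTIONS` takes exactly one line as written. The same applies to the three reads in hal-system-storage-mount, where a continuation would shift the mountpoint, type and options fields against each other, and to the read in hal-system-storage-unmount. The filtered value is also not used by the `eject` call visible in this hunk, so a short comment saying that the options are read but not yet passed on would help. The `case "$RESULT"` block continues outside the hunk.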
Index: hal-system-storage-mount
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-mount,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- hal-system-storage-mount 11 Jan 2006 02:44:46 -0000 1.10
+++ hal-system-storage-mount 11 Jan 2006 17:00:21 -0000 1.11
@@ -32,9 +32,15 @@
# "MyDisk\n"
# "fuse\n"
# "ro\tsync\n"
+# Only allow ^a-zA-Z0-9_= in the string because otherwise someone may
+# pass e.g. umask=0600,suid,dev or umask=`/bin/evil`
+
read GIVEN_MOUNTPOINT
+GIVEN_MOUNTPOINT=${GIVEN_MOUNTPOINT//[^a-zA-Z0-9_+-]/@}
read GIVEN_MOUNTTYPE
+GIVEN_MOUNTTYPE=${GIVEN_MOUNTTYPE//[^a-zA-Z0-9_=]/_}
read GIVEN_MOUNTOPTIONS
+GIVEN_MOUNTOPTIONS=${GIVEN_MOUNTOPTIONS//[^a-zA-Z0-9_=[:space:]]/_}
# if no mountpoint, get mountpoint from label
if [ "$GIVEN_MOUNTPOINT" == "" ]; then
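Review bot: The added comment says only `a-zA-Z0-9_=` is allowed, but the three substitutions below it apply three different sets: the mountpoint keeps `+` and `-` and marks rejects with `@`, the type keeps `=`, and the options also keep whitespace. I would document each line separately, e.g. `# mountpoint: keep a-zA-Z0-9_+-, mark anything else with '@' (rejected below)` and `# options: keep a-zA-Z0-9_= and whitespace, replace the rest with '_'`. The ranges in these bracket expressions, like the ones in the eject and unmount scripts, follow the current locale's collation in bash, so setting `LC_ALL=C` before the substitutions keeps `a-z` and `A-Z` to ASCII letters. The `if` that follows continues outside the hunk.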
@@ -52,9 +58,9 @@
GIVEN_MOUNTPOINT="disk"
fi
-# validate characters in mountpoint
+# we've replaced invalid characters in requested mountpoint with '@'
case "$GIVEN_MOUNTPOINT" in
- *[!A-Za-z0-9_\-\+:]*)
+ *@*)
echo "org.freedesktop.Hal.Device.Volume.InvalidMountpoint" >&2
echo "The mountpoint is invalid." >&2
exit 1
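Review bot: The new `*@*` test only catches characters that the substitution after `read GIVEN_MOUNTPOINT` already turned into `@`, so a mountpoint assigned after that point, such as the label-derived one the earlier comment mentions, is no longer validated here, whereas the removed pattern checked the final value whatever its origin. The label handling is outside this hunk, so confirm it applies its own filter; otherwise keep an allowlist test on the final value, `*[!A-Za-z0-9_+-]*)`, which also matches the `@` marker. The change additionally stops accepting `:`, which the old pattern allowed; if that is intended it deserves a line in the log message. The `case` block continues outside the hunk.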
@@ -101,21 +107,16 @@
if [ "uid=$HAL_METHOD_INVOKED_BY_UID" != "$OPTION" ]; then
echo "org.freedesktop.Hal.Device.Volume.InvalidMountOption" >&2
echo "The option '$OPTION' is not allowed for uid=$HAL_METHOD_INVOKED_BY_UID" >&2
- exit 1
+ exit 1
fi
fi
fi
-
- # Only allow ^a-zA-Z0-9_= in the string because otherwise an attacker may
- # pass e.g. umask=0600,suid,dev or umask=`/bin/evil` and this will get merged
- # into $MOUNTOPTIONS - Simply replace illegal characters with an underscore
- MODIFIED_OPTION=${OPTION//[^a-zA-Z0-9_=]/_}
- MOUNTOPTIONS="$MOUNTOPTIONS,$MODIFIED_OPTION"
+ MOUNTOPTIONS="$MOUNTOPTIONS,$OPTION"
OPTION_WAS_OK="1"
fi
fi
done
- if [ "$OPTION_WAS_OK" != "1" ]; then
+ if [ "$OPTION_WAS_OK" != "1" ]; then
echo "org.freedesktop.Hal.Device.Volume.InvalidMountOption" >&2
echo "The option '$OPTION' is not allowed" >&2
exit 1
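Review bot: The merge `MOUNTOPTIONS="$MOUNTOPTIONS,$OPTION"` no longer says why `$OPTION` is safe to append, because the explanatory comment was removed together with the per-option substitution. Its safety now rests on the filter applied right after `read GIVEN_MOUNTOPTIONS` much earlier in the script, which is what keeps `,` and backticks out of the merged string. I would leave a one-line comment at the merge, `# $OPTION was already reduced to a-zA-Z0-9_= when GIVEN_MOUNTOPTIONS was read`, so that a later edit to the read section does not silently remove the protection. The surrounding loop starts and ends outside the hunk.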
Index: hal-system-storage-unmount
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-unmount,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- hal-system-storage-unmount 20 Dec 2005 17:09:35 -0000 1.3
+++ hal-system-storage-unmount 11 Jan 2006 17:00:21 -0000 1.4
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# Copyright (C) 2005, Kay Sievers <kay.sievers at vrfy.org>
#
@@ -18,7 +18,48 @@
exit 1
fi
-RESULT=$(umount "$HAL_PROP_VOLUME_MOUNT_POINT" 2>&1)
+# read parameters
+# "lazy\tforce\n"
+# Only allow ^a-zA-Z0-9_= in the string because otherwise someone may
+# pass e.g. umask=0600,suid,dev or umask=`/bin/evil`
+
+read GIVEN_UNMOUNTOPTIONS
+GIVEN_UNMOUNTOPTIONS=${GIVEN_UNMOUNTOPTIONS//[^a-zA-Z0-9_=[:space:]]/_}
+
+if [ "$GIVEN_UNMOUNTOPTIONS" != "" ]; then
+ for OPTION in $GIVEN_UNMOUNTOPTIONS; do
+ OPTION_WAS_OK="0"
+ for VALID_OPTION in $HAL_PROP_VOLUME_UNMOUNT_VALID_OPTIONS; do
+ if [ "$OPTION" == "$VALID_OPTION" ]; then
+ OPTION_WAS_OK="1"
+ break
+ fi
+ done
+
+ if [ "$OPTION_WAS_OK" == "1" ]; then
+ case "$OPTION" in
+ "lazy")
+ UNMOUNTOPTIONS="$UNMOUNTOPTIONS -l"
+ OPTION_WAS_OK="1"
+ ;;
+ "force")
+ UNMOUNTOPTIONS="$UNMOUNTOPTIONS -f"
+ OPTION_WAS_OK="1"
+ ;;
+ *)
+ echo "org.freedesktop.Hal.Device.Volume.UnsupportedUnmountOption" >&2
+ echo "The option '$OPTION' is not supported" >&2
+ exit 1
+ esac
+ else
+ echo "org.freedesktop.Hal.Device.Volume.InvalidUnmountOption" >&2
+ echo "The option '$OPTION' is invalid" >&2
+ exit 1
+ fi
+ done
+fi
+
+RESULT=$(umount $UNMOUNTOPTIONS "$HAL_PROP_VOLUME_MOUNT_POINT" 2>&1)
if [ $? -ne 0 ]; then
case "$RESULT" in
*busy*)
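Review bot: `UNMOUNTOPTIONS` is appended to inside the loop and expanded unquoted in the `umount` call, but nothing in this hunk initialises it, so unless it is set earlier in the file a value inherited from the script's environment would reach `umount` as extra arguments. Add `UNMOUNTOPTIONS=""` before the `if [ "$GIVEN_UNMOUNTOPTIONS" != "" ]` test. The two `OPTION_WAS_OK="1"` assignments inside the `case` arms are redundant, since that branch is only entered when the variable is already `1`, and the `*)` arm would be more conventional with a closing `;;`. The `case "$RESULT"` block continues outside the hunk.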