Bug 42491 – univention-home-mounter: Fills /tmp with tempfiles - data loss due server DoS

Bug 42491 - univention-home-mounter: Fills /tmp with tempfiles - data loss due server DoS


Summary:	univention-home-mounter: Fills /tmp with tempfiles - data loss due server DoS

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	NFS
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-3-errata
Assigned To:	Philipp Hahn
QA Contact:	Stefan Gohmann

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-09-23 15:59 CEST by Philipp Hahn
Modified:	2016-10-12 13:06 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.103
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2016092321000345
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2016-09-23 15:59:41 CEST

Script uses "set -e" and only does "rm $tmp" at end, thus filling up /tmp/.
Runs every 10 minutes!

"grep -v" is completely broken

dotlockfile is completely inefficient and may file, leading to early script abort.

Broken quoting.

may break depending on locale.

Comment 1 Philipp Hahn

2016-09-26 09:36:07 CEST

And the timeout logic is completely broken: If a mount-point is mounted multiple times (and not unmounted in between), the script will process the oldest mount first and tries to unmount the share, even when it's still in active use.
May lead to data loss!

Comment 2 Philipp Hahn

2016-09-27 16:02:53 CEST

r72845 | Bug #42491,Bug #32018 home: Fix umount
r72842 | Bug #42491 home: Copyright 2016

Package: univention-home-mounter
Version: 7.0.1-2.74.201609271550
Branch: ucs_4.1-0
Scope: errata4.1-3

r72846 | Bug #42491,Bug #32018 home: YAML
 univention-home-mounter.yaml

r72849 | Bug #42491,Bug #32018 home: Fix umount


(In reply to Philipp Hahn from comment #1)
> And the timeout logic is completely broken: If a mount-point is mounted
> multiple times (and not unmounted in between), the script will process the
> oldest mount first and tries to unmount the share, even when it's still in
> active use.

This was not fixed as this would require a complete rewrite.

Comment 3 Stefan Gohmann

2016-10-10 16:38:17 CEST

YAML: OK (small improvement r73051)

Code review: OK

Merge to UCS 4.2: OK

Tests: OK

Comment 4 Janek Walkenhorst

2016-10-12 13:06:46 CEST

<http://errata.software-univention.de/ucs/4.1/283.html>