1From 23e13a52a6213b11eda9a3b09df455f495f74e8d Mon Sep 17 00:00:00 2001
2From: Yogita Urade <yogita.urade@windriver.com>
3Date: Tue, 13 Dec 2022 09:18:33 +0000
4Subject: [PATCH] multipath-tools: use /run instead of /dev/shm
5
6/dev/shm may have unsafe permissions. Use /run instead.
7Use systemd's tmpfiles.d mechanism to create /run/multipath
8early during boot.
9
10For backward compatibilty, make the runtime directory configurable
11via the "runtimedir" make variable.
12
13Signed-off-by: Martin Wilck <mwilck@suse.com>
14Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
15
16CVE: CVE-2022-41973
17
18References:
19https://nvd.nist.gov/vuln/detail/CVE-2022-41973
20
21Upstream-Status: Backport [https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f]
22
23Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
24---
25 .gitignore | 2 ++
26 Makefile.inc | 7 ++++++-
27 libmultipath/defaults.h | 3 +--
28 multipath/Makefile | 11 ++++++++---
29 multipath/{multipath.rules => multipath.rules.in} | 4 ++--
30 multipath/tmpfiles.conf.in | 1 +
31 6 files changed, 20 insertions(+), 8 deletions(-)
32 rename multipath/{multipath.rules => multipath.rules.in} (95%)
33 create mode 100644 multipath/tmpfiles.conf.in
34
35diff --git a/.gitignore b/.gitignore
36index 9926756b..f90b0350 100644
37--- a/.gitignore
38+++ b/.gitignore
39@@ -8,6 +8,8 @@
40 *.d
41 kpartx/kpartx
42 multipath/multipath
43+multipath/multipath.rules
44+multipath/tmpfiles.conf
45 multipathd/multipathd
46 mpathpersist/mpathpersist
47 .nfs*
48diff --git a/Makefile.inc b/Makefile.inc
49index 4eb08eed..648f91b4 100644
50--- a/Makefile.inc
51+++ b/Makefile.inc
52@@ -44,6 +44,7 @@ exec_prefix = $(prefix)
53 usr_prefix = $(prefix)
54 bindir = $(exec_prefix)/usr/sbin
55 libudevdir = $(prefix)/$(SYSTEMDPATH)/udev
56+tmpfilesdir = $(prefix)/$(SYSTEMDPATH)/tmpfiles.d
57 udevrulesdir = $(libudevdir)/rules.d
58 multipathdir = $(TOPDIR)/libmultipath
59 man8dir = $(prefix)/usr/share/man/man8
60@@ -60,6 +61,7 @@ libdmmpdir = $(TOPDIR)/libdmmp
61 nvmedir = $(TOPDIR)/libmultipath/nvme
62 includedir = $(prefix)/usr/include
63 pkgconfdir = $(usrlibdir)/pkgconfig
64+runtimedir := /$(RUN)
65
66 GZIP = gzip -9 -c
67 RM = rm -f
68@@ -95,7 +97,10 @@ OPTFLAGS += -Wextra -Wstrict-prototypes -Wformat=2 -Werror=implicit-int \
69 -Wno-unused-parameter -Werror=cast-qual \
70 -Werror=discarded-qualifiers
71
72-CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2
73+CPPFLAGS := $(FORTIFY_OPT) \
74+ -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \
75+ -DRUNTIME_DIR=\"$(runtimedir)\" \
76+ -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP
77 CFLAGS := $(OPTFLAGS) -DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \
78 -MMD -MP $(CFLAGS)
79 BIN_CFLAGS = -fPIE -DPIE
80diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h
81index c2164c16..908e0ca3 100644
82--- a/libmultipath/defaults.h
83+++ b/libmultipath/defaults.h
84@@ -64,8 +64,7 @@
85 #define DEFAULT_WWIDS_FILE "/etc/multipath/wwids"
86 #define DEFAULT_PRKEYS_FILE "/etc/multipath/prkeys"
87 #define DEFAULT_CONFIG_DIR "/etc/multipath/conf.d"
88-#define MULTIPATH_SHM_BASE "/dev/shm/multipath/"
89-
90+#define MULTIPATH_SHM_BASE RUNTIME_DIR "/multipath/"
91
92 static inline char *set_default(char *str)
93 {
94diff --git a/multipath/Makefile b/multipath/Makefile
95index e720c7f6..28976546 100644
96--- a/multipath/Makefile
97+++ b/multipath/Makefile
98@@ -12,7 +12,7 @@ EXEC = multipath
99
100 OBJS = main.o
101
102-all: $(EXEC)
103+all: $(EXEC) multipath.rules tmpfiles.conf
104
105 $(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so
106 $(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS)
107@@ -26,7 +26,9 @@ install:
108 $(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/
109 $(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir)
110 $(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir)
111- $(INSTALL_PROGRAM) -m 644
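Review bot: `runtimedir := /$(RUN)` is expanded at the point of assignment, so if `RUN` is empty or only assigned later in Makefile.inc the value silently becomes `/`. In that case both the compiled-in `RUNTIME_DIR` and the generated tmpfiles.d entry would place the `multipath` state directory directly under the root directory. The definition of `RUN` is outside this hunk, so this may already be guaranteed. A parse-time guard right after the assignment would make the assumption explicit: `$(if $(strip $(RUN)),,$(error RUN is empty; runtimedir would be /))`.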
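Review bot: The new `CPPFLAGS` assignment replaces the literal `-Wp,-D_FORTIFY_SOURCE=2` with `$(FORTIFY_OPT)`, and nothing in this patch defines `FORTIFY_OPT`. Unless it is set elsewhere in Makefile.inc, make expands it to nothing and the fortify hardening is dropped without any warning. The same holds for `$(plugindir)`, `$(configdir)` and `$(EXTRAVERSION)`, which would produce empty string macros, while `-DBIN_DIR`, `-DRUN_DIR` and `-MMD -MP` are already passed by the unchanged `CFLAGS` line below. For a backport whose purpose is the runtime directory, the smaller change keeps the old flag and adds only the new define: `CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2 \` followed by `-DRUNTIME_DIR=\"$(runtimedir)\"`.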
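Review bot: `MULTIPATH_SHM_BASE` now depends on a `RUNTIME_DIR` macro that this header neither defines nor documents, and its name still says SHM although the path no longer lives under /dev/shm. A short comment above the define would record where the value comes from and what the code expects of the directory, for example `/* RUNTIME_DIR is passed via -DRUNTIME_DIR in Makefile.inc; the directory is expected to be root-owned with mode 0700 (see multipath/tmpfiles.conf.in) */`. A translation unit that uses the macro without that flag fails to compile, which is the desired loud failure, so no fallback define is suggested.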
$(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules
112+ $(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(udevrulesdir)/56-multipath.rules
113+ $(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir)
114+ $(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf
115 $(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir)
116 $(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir)
117 $(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir)
118@@ -43,9 +45,12 @@ uninstall:
119 $(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz
120
121 clean: dep_clean
122- $(RM) core *.o $(EXEC) *.gz
123+ $(RM) core *.o $(EXEC) multipath.rules tmpfiles.conf
124
125 include $(wildcard $(OBJS:.o=.d))
126
127 dep_clean:
128 $(RM) $(OBJS:.o=.d)
129+
130+%: %.in
131+ sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@
132diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in
133similarity index 95%
134rename from multipath/multipath.rules
135rename to multipath/multipath.rules.in
136index 0486bf70..5fb499e6 100644
137--- a/multipath/multipath.rules
138+++ b/multipath/multipath.rules.in
139@@ -1,8 +1,8 @@
140 # Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath
141 SUBSYSTEM!="block", GOTO="end_mpath"
142 KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath"
143-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \
144- RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor"
145+ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \
146+ RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor"
147 ACTION!="add|change", GOTO="end_mpath"
148
149 IMPORT{cmdline}="nompath"
150diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in
151new file mode 100644
152index 00000000..21be438a
153--- /dev/null
154+++ b/multipath/tmpfiles.conf.in
155@@ -0,0 +1 @@
156+d @RUNTIME_DIR@/multipath 0700 root root -
157--
1582.32.0
159
160
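Review bot: The udev rules file is now installed as `56-multipath.rules` where the removed line installed `62-multipath.rules`, which changes its ordering relative to other udev rules and is not mentioned in the commit message. On an upgrade the old `62-multipath.rules`, which still refers to /dev/shm, can stay behind next to the new file unless packaging removes it. The `uninstall` recipe is mostly outside the visible hunks, but no added line removes the new tmpfiles.d entry or the renamed rules file. Adding `$(RM) $(DESTDIR)$(tmpfilesdir)/multipath.conf` and `$(RM) $(DESTDIR)$(udevrulesdir)/56-multipath.rules` there would keep install and uninstall symmetric. The `install` recipe itself starts above this hunk.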
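Review bot: The `%: %.in` rule at the end of this hunk replaces only the first `@RUNTIME_DIR@` on each line and writes straight into `$@`, so a failed `sed` can leave a truncated file that make treats as up to date. The two templates in this patch have one placeholder per line, so the output is correct today. A more robust recipe is `sed 's,@RUNTIME_DIR@,$(runtimedir),g' $< >$@.tmp && mv -f $@.tmp $@`. Separately, the `clean` recipe drops `*.gz` while the `install` recipe still installs `$(EXEC).8.gz`, so compressed man pages appear to survive `make clean`; keeping `*.gz` in the `$(RM)` list would avoid that.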
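Review bot: The directory is created with mode 0700 only where systemd-tmpfiles processes this file, so on images without systemd nothing in this patch creates `@RUNTIME_DIR@/multipath` at boot. The code that creates entries under `MULTIPATH_SHM_BASE` is outside this diff. It is worth confirming that it creates the directory itself with mode 0700 and root ownership rather than relying on the process umask. A leading comment in the template, such as `# State directory for multipath; must stay root-only (0700)`, would also record why the mode matters.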