[Pkg-utopia-maintainers] Bug#1034124: udev security update breaks all ext4 removable storage handling

[Floris Bos]

Package: udisks2

Version: 2.8.1-4+deb10u1

Severity: serious


Hi,


The security team recently released udisks2 2.8.1-4+deb10u1 that forces 
the mount option 'errors=remount-ro' to be used for all mounting 
operations on ext4 file systems.
However it seems the code was not modified correctly to allow that 
option to be used.


On a system with a LXDE based desktop environment, hot-plugging an ext4 
formatted USB drive, result in the user being presented with an "Mount 
option `errors=remount-ro' is not allowed" error dialog box, and the 
mount not occurring.

Same when mounting manually as regular user through udisksctl:

==
max at pibuster:~ $ udisksctl mount -b /dev/sda2
Error mounting /dev/sda2: 
GDBus.Error:org.freedesktop.UDisks2.Error.OptionNotPermitted: Mount 
option `errors=remount-ro' is not allowed
==


Looking at debian/patches/mount-ext-readonly-on-errors.patch
It did seem the author of the patch knew options need to be allowed, as 
he does add "errors=remount-ro" to ext4_allow:

+static const gchar *ext4_allow[] = { "errors=remount-ro", NULL };

However looking at is_mount_option_allowed() in 
src/udiskslinuxfilesystem.c the allow list handling code only expect a 
lists of allowed option keys in ext4_allow, not entries in the form 
key=value...

So that is not going to fly without further changes to 
is_mount_option_allowed()...



Yours sincerely,

Floris Bos