Author: dannf
Date: Sat Jul 15 08:20:30 2006
New Revision: 7006

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-1.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-2.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge4
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog

Log:
* proc-environ-race-1.dpatch, proc-environ-race-2.dpatch
  [SECURITY] Fix local root vulnerability caused by a race in proc
  See CVE-2006-3626

Modified: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog   
    (original)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog   
    Sat Jul 15 08:20:30 2006
@@ -1,3 +1,11 @@
+kernel-source-2.6.8 (2.6.8-16sarge4) stable-security; urgency=high
+
+  * proc-environ-race-1.dpatch, proc-environ-race-2.dpatch
+    [SECURITY] Fix local root vulnerability caused by a race in proc
+    See CVE-2006-3626
+
+ -- dann frazier <[EMAIL PROTECTED]>  Sat, 15 Jul 2006 02:03:51 -0600
+
 kernel-source-2.6.8 (2.6.8-16sarge3) stable-security; urgency=high
 
   * net-protocol-mod-refcounts-pre.dpatch, net-protocol-mod-refcounts.dpatch
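
Review bot: the new changelog entry names the CVE but not what the patches change; "a race in proc" gives an administrator nothing to match against the two dpatch files. Add a line stating that the patches clear S_ISUID/S_ISGID from `inode->i_mode` in pid_revalidate and tid_fd_revalidate (fs/proc/base.c).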

Added: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-1.dpatch
==============================================================================
--- (empty file)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-1.dpatch
      Sat Jul 15 08:20:30 2006
@@ -0,0 +1,25 @@
+From: Linus Torvalds <[EMAIL PROTECTED]>
+Date: Fri, 14 Jul 2006 23:51:34 +0000 (-0700)
+Subject: Fix nasty /proc vulnerability
+X-Git-Url: 
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3
+
+Fix nasty /proc vulnerability
+
+We have a bad interaction with both the kernel and user space being able
+to change some of the /proc file status.  This fixes the most obvious
+part of it, but I expect we'll also make it harder for users to modify
+even their "own" files in /proc.
+
+Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -1338,6 +1338,7 @@ static int pid_revalidate(struct dentry 
+               } else {
+                       inode->i_uid = 0;
+                       inode->i_gid = 0;
++                      inode->i_mode = 0;
+               }
+               security_task_to_inode(task, inode);
+               put_task_struct(task);
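
Review bot: the embedded hunk's `@@ -1338,6 +1338,7 @@` offsets and its trailing context line `put_task_struct(task);` do not match the tree that proc-environ-race-2.dpatch was diffed against, where the same spot in pid_revalidate is at line 988 and `security_task_to_inode(task, inode);` is followed by `return 1;`. As committed, this patch can only apply with an offset and fuzz. Refresh it against kernel-source-2.6.8 as was done for the second patch, and add the same "Backported to Debian's 2.6.8" line so the two files are consistent.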

Added: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-2.dpatch
==============================================================================
--- (empty file)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-2.dpatch
      Sat Jul 15 08:20:30 2006
@@ -0,0 +1,35 @@
+From: Linus Torvalds <[EMAIL PROTECTED]>
+Date: Sat, 15 Jul 2006 04:48:03 +0000 (-0700)
+Subject: Relax /proc fix a bit
+X-Git-Url: 
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9ee8ab9fbf21e6b87ad227cd46c0a4be41ab749b
+
+Relax /proc fix a bit
+
+Clearign all of i_mode was a bit draconian. We only really care about
+S_ISUID/ISGID, after all.
+
+Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <[EMAIL PROTECTED]>
+diff -uprN kernel-source-2.6.8-2.6.8.orig/fs/proc/base.c 
kernel-source-2.6.8-2.6.8/fs/proc/base.c
+--- kernel-source-2.6.8-2.6.8.orig/fs/proc/base.c      2006-07-15 
02:10:35.000000000 -0600
++++ kernel-source-2.6.8-2.6.8/fs/proc/base.c   2006-07-15 02:12:25.000000000 
-0600
+@@ -988,8 +988,8 @@ static int pid_revalidate(struct dentry 
+               } else {
+                       inode->i_uid = 0;
+                       inode->i_gid = 0;
+-                      inode->i_mode = 0;
+               }
++              inode->i_mode &= ~(S_ISUID | S_ISGID);
+               security_task_to_inode(task, inode);
+               return 1;
+       }
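
Review bot: placing `inode->i_mode &= ~(S_ISUID | S_ISGID);` after the closing brace makes the clearing unconditional, whereas the `inode->i_mode = 0;` line it replaces ran only in the `else` branch; the commit message covers the narrower mask but not the wider scope. State in the message, or in a one-line comment above the assignment, that the setuid/setgid bits are stripped on every revalidation regardless of which branch set the owner, so a later cleanup does not move the line back inside the `else`.
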
+@@ -1017,6 +1017,7 @@ static int tid_fd_revalidate(struct dent
+                               inode->i_uid = 0;
+                               inode->i_gid = 0;
+                       }
++                      inode->i_mode &= ~(S_ISUID | S_ISGID);
+                       security_task_to_inode(task, inode);
+                       return 1;
+               }
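
Review bot: tid_fd_revalidate is not touched by proc-environ-race-1.dpatch, so this hunk adds new hardening rather than relaxing anything, and neither the subject "Relax /proc fix a bit" nor the backport line mentions it. Note in the dpatch header that the same `i_mode` mask is being added to the fd revalidation path, and say whether the other revalidate routines in fs/proc/base.c were checked for the same treatment.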

Added: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge4
==============================================================================
--- (empty file)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge4
   Sat Jul 15 08:20:30 2006
@@ -0,0 +1,2 @@
++ proc-environ-race-1.dpatch
++ proc-environ-race-2.dpatch
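
Review bot: the two series entries are order-dependent, because the first hunk of proc-environ-race-2.dpatch removes the `inode->i_mode = 0;` line that proc-environ-race-1.dpatch adds, so -2 cannot apply without -1 and -1 alone leaves the stricter behaviour in place. Either fold both into a single dpatch carrying the net change, or add a comment in the series file or the dpatch headers recording that the pair must be applied together and in this order.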

_______________________________________________
Kernel-svn-changes mailing list
Kernel-svn-changes@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
