Author: dannf
Date: Wed Feb 13 21:14:07 2008
New Revision: 10533
Log:
* bugfix/cifs-honor-umask.dpatch
[SECURITY] Make CIFS honor a process' umask
See CVE-2007-3740
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cifs-honor-umask.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
---
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
(original)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
Wed Feb 13 21:14:07 2008
@@ -44,8 +44,11 @@
* [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
into address space reserved for hugetlb pages.
See CVE-2007-3739
+ * bugfix/cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
- -- dann frazier <[EMAIL PROTECTED]> Wed, 13 Feb 2008 14:01:28 -0700
+ -- dann frazier <[EMAIL PROTECTED]> Wed, 13 Feb 2008 14:12:35 -0700
kernel-source-2.6.8 (2.6.8-17) oldstable; urgency=high
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cifs-honor-umask.dpatch
==============================================================================
--- (empty file)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cifs-honor-umask.dpatch
Wed Feb 13 21:14:07 2008
@@ -0,0 +1,81 @@
+From: Steve French <[EMAIL PROTECTED]>
+Date: Fri, 8 Jun 2007 14:55:14 +0000 (+0000)
+Subject: [CIFS] CIFS should honour umask
+X-Git-Tag: v2.6.22-rc5~50^2
+X-Git-Url:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=3ce53fc4c57603d99c330a6ee2fe96d94f2d350f
+
+[CIFS] CIFS should honour umask
+
+This patch makes CIFS honour a process' umask like other filesystems.
+Of course the server is still free to munge the permissions if it wants
+to; but the client will send the "right" permissions to begin with.
+
+A few caveats:
+
+1) It only applies to filesystems that have CAP_UNIX (aka support unix
+extensions)
+2) It applies the correct mode to the follow up CIFSSMBUnixSetPerms()
+after remote creation
+
+When mode to CIFS/NTFS ACL mapping is complete we can do the
+same thing for that case for servers which do not
+support the Unix Extensions.
+
+Signed-off-by: Matt Keenen <[EMAIL PROTECTED]>
+Signed-off-by: Steve French <[EMAIL PROTECTED]>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <[EMAIL PROTECTED]>
+
+diff -urpN kernel-source-2.6.8.orig/fs/cifs/dir.c
kernel-source-2.6.8/fs/cifs/dir.c
+--- kernel-source-2.6.8.orig/fs/cifs/dir.c 2007-05-26 02:54:39.000000000
-0600
++++ kernel-source-2.6.8/fs/cifs/dir.c 2008-02-13 14:05:50.000000000 -0700
+@@ -242,7 +242,8 @@ cifs_create(struct inode *inode, struct
+ /* If Open reported that we actually created a file
+ then we now have to set the mode if possible */
+ if ((cifs_sb->tcon->ses->capabilities & CAP_UNIX) &&
+- (oplock & CIFS_CREATE_ACTION))
++ (oplock & CIFS_CREATE_ACTION)) {
++ mode &= ~current->fs->umask;
+ if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
+ CIFSSMBUnixSetPerms(xid, pTcon, full_path, mode,
+ (__u64)current->euid,
+@@ -256,7 +257,7 @@ cifs_create(struct inode *inode, struct
+ 0 /* dev */,
+ cifs_sb->local_nls);
+ }
+- else {
++ } else {
+ /* BB implement via Windows security descriptors */
+ /* eg
CIFSSMBWinSetPerms(xid,pTcon,full_path,mode,-1,-1,local_nls);*/
+ /* could set r/o dos attribute if mode & 0222 == 0 */
+@@ -356,6 +357,7 @@ int cifs_mknod(struct inode *inode, stru
+ rc = -ENOMEM;
+
+ if (full_path && (pTcon->ses->capabilities & CAP_UNIX)) {
++ mode &= ~current->fs->umask;
+ if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
+ rc = CIFSSMBUnixSetPerms(xid, pTcon, full_path,
+ mode,(__u64)current->euid,(__u64)current->egid,
+diff -urpN kernel-source-2.6.8.orig/fs/cifs/inode.c
kernel-source-2.6.8/fs/cifs/inode.c
+--- kernel-source-2.6.8.orig/fs/cifs/inode.c 2004-08-13 23:36:11.000000000
-0600
++++ kernel-source-2.6.8/fs/cifs/inode.c 2008-02-13 14:07:24.000000000
-0700
+@@ -480,7 +480,8 @@ cifs_mkdir(struct inode *inode, struct d
+ d_instantiate(direntry, newinode);
+ if(direntry->d_inode)
+ direntry->d_inode->i_nlink = 2;
+- if (cifs_sb->tcon->ses->capabilities & CAP_UNIX)
++ if (cifs_sb->tcon->ses->capabilities & CAP_UNIX) {
++ mode &= ~current->fs->umask;
+ if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
+ CIFSSMBUnixSetPerms(xid, pTcon, full_path, mode,
+ (__u64)current->euid,
+@@ -494,7 +495,7 @@ cifs_mkdir(struct inode *inode, struct d
+ 0 /* dev_t */,
+ cifs_sb->local_nls);
+ }
+- else { /* BB to be implemented via Windows secrty descriptors*/
++ } else { /* BB to be implemented via Windows secrty
descriptors*/
+ /* eg
CIFSSMBWinSetPerms(xid,pTcon,full_path,mode,-1,-1,local_nls);*/
+ }
+ }
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
==============================================================================
---
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
(original)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1
Wed Feb 13 21:14:07 2008
@@ -12,3 +12,4 @@
+ minixfs-printk-hang.dpatch
+ isdn-net-overflow.dpatch
+ prevent-stack-growth-into-hugetlb-region.dpatch
++ cifs-honor-umask.dpatch
_______________________________________________
Kernel-svn-changes mailing list
Kernel-svn-changes@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
