Author: dannf
Date: Mon Jan 21 01:06:50 2008
New Revision: 10156

Log:
* 253_coredump-only-to-same-uid.diff
  [SECURITY] Fix an issue where core dumping over a file that
  already exists retains the ownership of the original file
  See CVE-2007-6206

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6

Modified: 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
 (original)
+++ 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
 Mon Jan 21 01:06:50 2008
@@ -41,6 +41,10 @@
     252_openpromfs-checks-3.diff
     [SECURITY] Fix a number of data checks in openprom code
     See CVE-2004-2731
+  * 253_coredump-only-to-same-uid.diff
+    [SECURITY] Fix an issue where core dumping over a file that
+    already exists retains the ownership of the original file
+    See CVE-2007-6206
 
  -- dann frazier <[EMAIL PROTECTED]>  Mon, 12 Nov 2007 16:29:16 -0700
 

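Review bot: the new entry goes into a stanza whose trailer line is still dated Mon, 12 Nov 2007, which is earlier than the 10 Dec 2007 date carried by the upstream patch it records. Refresh the trailer when the upload is prepared. The entry text also describes only the symptom (the dump keeps the original file's ownership); a few words saying that the kernel now refuses to dump into a file owned by a different uid would tell administrators what behaviour to expect after upgrading.
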
Added: 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff
==============================================================================
--- (empty file)
+++ 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff
        Mon Jan 21 01:06:50 2008
@@ -0,0 +1,35 @@
+From: Willy Tarreau <[EMAIL PROTECTED]>
+Date: Mon, 10 Dec 2007 06:00:14 +0000 (+0100)
+Subject: [PATCH] vfs: coredumping fix
+X-Git-Tag: v2.4.36-rc1~4
+X-Git-Url: 
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fwtarreau%2Flinux-2.4.git;a=commitdiff_plain;h=62b548a60eaff6f986e9b3f5fd602ddae451b33e
+
+[PATCH] vfs: coredumping fix
+
+Backport of 2.6 commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af by Ingo Molnar.
+
+fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043
+
+only allow coredumping to the same uid that the coredumping
+task runs under.
+
+Signed-off-by: Willy Tarreau <[EMAIL PROTECTED]>
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 1d23db6..87d06b1 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1167,6 +1167,12 @@ int do_coredump(long signr, struct pt_regs * regs)
+ 
+       if (!S_ISREG(inode->i_mode))
+               goto close_fail;
++      /*
++       * Dont allow local users get cute and trick others to coredump
++       * into their pre-created files:
++       */
++      if (inode->i_uid != current->fsuid)
++              goto close_fail;
+       if (!file->f_op)
+               goto close_fail;
+       if (!file->f_op->write)
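
Review bot: the added test `if (inode->i_uid != current->fsuid)` in do_coredump() jumps to close_fail with no message, so after this change a crashing process whose core file name already exists under another owner silently produces no dump at all. That is the intended hardening, but it is worth stating in the comment (and in the Debian changelog entry) so that a missing core file can be traced back to this check; a log message on this path would also give administrators a signal that someone has pre-created core files in a shared directory. The comment should also say what is being compared and why fsuid is used (it is the identity applied to the file access), and its wording needs a pass: "Dont" should be "Don't" and "allow local users get cute" is missing a "to". The check itself is well placed: it operates on the inode of the file that was already opened rather than on the path, so the ownership that is tested is the ownership of the file that would be written.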

Modified: 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
    (original)
+++ 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
    Mon Jan 21 01:06:50 2008
@@ -12,3 +12,4 @@
 + 250_openpromfs-checks-1.diff
 + 251_openpromfs-checks-2.diff
 + 252_openpromfs-checks-3.diff
++ 253_coredump-only-to-same-uid.diff

_______________________________________________
Kernel-svn-changes mailing list
Kernel-svn-changes@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
