** Also affects: linux-ti-omap4 (Ubuntu Maverick) Importance: Undecided Status: New
** Changed in: linux-ec2 (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-mvl-dove (Ubuntu Maverick) Status: New => Fix Released ** Changed in: linux-lts-backport-maverick (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux (Ubuntu Maverick) Status: New => Fix Released ** Changed in: linux-ti-omap4 (Ubuntu Maverick) Status: New => Fix Committed ** Changed in: linux-fsl-imx51 (Ubuntu Maverick) Status: New => Invalid ** Description changed: - Since a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c any process with - CAP_NET_ADMIN may load any module from /lib/modules/. This doesn't mean - that CAP_NET_ADMIN is a superset of CAP_SYS_MODULE as modules are - limited to /lib/modules/**. However, CAP_NET_ADMIN capability shouldn't - allow anybody load any module not related to networking. + Description needed - This patch restricts an ability of autoloading modules to netdev modules - with explicit aliases. This fixes CVE-2011-1019. - - Arnd Bergmann suggested to leave untouched the old pre-v2.6.32 behavior - of loading netdev modules by name (without any prefix) for processes - with CAP_SYS_MODULE to maintain the compatibility with network scripts - that use autoloading netdev modules by aliases like "eth0", "wlan0". - - Currently there are only three users of the feature in the upstream - kernel: ipip, ip_gre and sit. - - root@albatros:~# capsh --drop=$(seq -s, 0 11),$(seq -s, 13 34) -- - root@albatros:~# grep Cap /proc/$$/status - CapInh: 0000000000000000 - CapPrm: fffffff800001000 - CapEff: fffffff800001000 - CapBnd: fffffff800001000 - root@albatros:~# modprobe xfs - FATAL: Error inserting xfs - (/lib/modules/2.6.38-rc6-00001-g2bf4ca3/kernel/fs/xfs/xfs.ko): Operation - not permitted - root@albatros:~# lsmod | grep xfs - root@albatros:~# ifconfig xfs - xfs: error fetching interface information: Device not found - root@albatros:~# lsmod | grep xfs - root@albatros:~# lsmod | grep sit - root@albatros:~# ifconfig sit - sit: error fetching interface information: Device not found - root@albatros:~# lsmod | grep sit - root@albatros:~# ifconfig sit0 - sit0 Link encap:IPv6-in-IPv4 - NOARP MTU:1480 Metric:1 - - root@albatros:~# lsmod | grep sit - sit 10457 0 - tunnel4 2957 1 sit - - For CAP_SYS_MODULE module loading is still relaxed: - - root@albatros:~# grep Cap /proc/$$/status - CapInh: 0000000000000000 - CapPrm: ffffffffffffffff - CapEff: ffffffffffffffff - CapBnd: ffffffffffffffff - root@albatros:~# ifconfig xfs - xfs: error fetching interface information: Device not found - root@albatros:~# lsmod | grep xfs - xfs 745319 0 - - Reference: https://lkml.org/lkml/2011/2/24/203 - - [PG: in 2.6.34, the bare MODULE_ALIAS for ipip/tunl0 and ip_gre/gre0 - didn't exist, but this adds the limited scope MODULE_ALIAS_NETDEV ones] + Break-Fix: - 8909c9ad8ff03611c9c96c9a92656213e4bb495b ** Also affects: linux (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-ec2 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-linaro (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-lts-backport-natty (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-qcm-msm (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-ec2 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-linaro (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-lts-backport-natty (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-qcm-msm (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-ec2 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-linaro (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-lts-backport-natty (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-qcm-msm (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Natty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/804366 Title: CVE-2011-1019 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/804366/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs