r2512 - in trunk/kernel/source: kernel-source-2.6.8-2.6.8/debian kernel-source-2.6.8-2.6.8/debian/patches kernel-source-2.6.8-2.6.8/debian/patches/series kernel-source-2.6.9-2.6.9/debian kernel-source-2.6.9-2.6.9/debian/patches kernel-source-2.6.9-2.6.9/debian/patches/series

Joshua Kwan joshk@costa.debian.org
Thu, 17 Feb 2005 21:30:08 +0100


Author: joshk
Date: 2005-02-17 21:30:07 +0100 (Thu, 17 Feb 2005)
New Revision: 2512

Added:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-cmdline-mmput-leak.dpatch
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/proc-cmdline-mmput-leak.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
   trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-6
Log:
proc-cmdline-mmput-leak.dpatch: [CAN-2004-1058] fix race that could allow user processes to read environment data from processes in the middle of spawning.


Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-02-17 20:30:07 UTC (rev 2512)
@@ -34,8 +34,12 @@
   * au88x0-use-short-name.dpatch: Use CARD_SHORT_NAME in au88x0.c to allow
     card-specific driver names (CARD_SHORT_NAME is redefined by each driver.)
     (Joshua Kwan)
+  
+  * proc-cmdline-mmput-leak.dpatch: [CAN-2004-1058] fix race that could
+    allow user processes to read environment data from processes in the
+    middle of spawning. (Joshua Kwan)
 
- -- Joshua Kwan <joshk@triplehelix.org>  Thu, 17 Feb 2005 11:15:10 -0800
+ -- Joshua Kwan <joshk@triplehelix.org>  Thu, 17 Feb 2005 12:27:56 -0800
 
 kernel-source-2.6.8 (2.6.8-13) unstable; urgency=high
 
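
Review bot: The added changelog entry credits this patch with fixing the CAN-2004-1058 race itself, but the dpatch added in this same revision carries the upstream changeset "Fix the mmput bug introduced while fixing cmdline race" and only changes which label the early exit jumps to. Suggest wording the entry as a fix for the missing mmput() on the early-exit path of the cmdline race fix, so the entry does not read as the point where the race was closed. The added separator line above the entry also consists only of spaces ("+  "); make it a truly empty line.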

Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-cmdline-mmput-leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-cmdline-mmput-leak.dpatch	2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-cmdline-mmput-leak.dpatch	2005-02-17 20:30:07 UTC (rev 2512)
@@ -0,0 +1,44 @@
+# origin: bk
+# key: 41a2172dHEUBTuxDtKQTo13Pc2wZsQ (linux-2.5)
+# description: fix cmdline race that could allow users to read new process data
+# inclusion: 2.6.10 (backport)
+# revision date: 2005-02-17
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/11/22 08:43:25-08:00 pmeda@akamai.com 
+#   [PATCH] /proc/cmdline missing mmput
+#   
+#   Fix the mmput bug introduced while fixing cmdline race.
+#   
+#   Signed-off-by: Prasanna Meda <pmeda@akamai.com>
+#   Signed-off-by: Andrew Morton <akpm@osdl.org>
+#   Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+# 
+# fs/proc/base.c
+#   2004/11/21 22:42:29-08:00 pmeda@akamai.com +2 -2
+#   /proc/cmdline missing mmput
+# 
+diff -Nru a/fs/proc/base.c b/fs/proc/base.c
+--- a/fs/proc/base.c	2005-02-17 12:26:02 -08:00
++++ b/fs/proc/base.c	2005-02-17 12:26:02 -08:00
+@@ -343,7 +343,7 @@
+ 	if (!mm)
+ 		goto out;
+ 	if (!mm->arg_end)
+-		goto out;	/* Shh! No looking before we're done */
++		goto out_mm;	/* Shh! No looking before we're done */
+ 
+  	len = mm->arg_end - mm->arg_start;
+  
+@@ -366,8 +366,8 @@
+ 			res = strnlen(buffer, res);
+ 		}
+ 	}
++out_mm:
+ 	mmput(mm);
+-
+ out:
+ 	return res;
+ }
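
Review bot: The "# description:" header says this patch fixes the cmdline race, while the embedded ChangeSet text says "Fix the mmput bug introduced while fixing cmdline race", and the diff agrees with the latter: the "if (!mm->arg_end)" check is unchanged context, and only its target moves from "out" to "out_mm" so that mmput(mm) runs on that path. Before the change, that exit skipped the mmput(mm) placed just ahead of "out:", leaving the mm reference held. Suggest a description along the lines of "release the mm reference on the early exit added by the cmdline race fix", keeping the CAN-2004-1058 tag as the related issue rather than as the thing fixed here.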

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14	2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14	2005-02-17 20:30:07 UTC (rev 2512)
@@ -8,3 +8,4 @@
 + skb-reset-ip_summed.dpatch
 + sparc64-nis-killer.dpatch
 + au88x0-use-short-name.dpatch
++ proc-cmdline-mmput-leak.dpatch 
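
Review bot: The added series entry ends with a trailing space after "proc-cmdline-mmput-leak.dpatch". Drop it so the filename is matched exactly by whatever parses the series file; the corresponding entry added to series/2.6.9-6 in this revision has no trailing space.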

Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog	2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog	2005-02-17 20:30:07 UTC (rev 2512)
@@ -35,6 +35,8 @@
     that (as a side effect) caused NIS to flatten a sparc64 machine.
     closes: #295627 (Joshua Kwan)
 
+  * proc-cmdline-mmput-leak.dpatch: [CAN-2004-1058] fix race that could             allow user processes to read environment data from processes in the             middle of spawning. (Joshua Kwan)
+
  -- Joshua Kwan <joshk@triplehelix.org>  Wed, 16 Feb 2005 17:50:54 -0800
 
 kernel-source-2.6.9 (2.6.9-5) unstable; urgency=low
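
Review bot: The added entry is a single line with the continuation indentation collapsed into runs of spaces mid-sentence, unlike the wrapped three-line form used for the same entry in the 2.6.8 changelog. Re-wrap it with the four-space continuation indent used there. The trailer line (Wed, 16 Feb 2005 17:50:54 -0800) is also left untouched in this hunk, although the 2.6.8 changelog trailer was updated in this revision; bump it if the trailer is meant to reflect the latest change.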

Added: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/proc-cmdline-mmput-leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/proc-cmdline-mmput-leak.dpatch	2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/proc-cmdline-mmput-leak.dpatch	2005-02-17 20:30:07 UTC (rev 2512)
@@ -0,0 +1,44 @@
+# origin: bk
+# key: 41a2172dHEUBTuxDtKQTo13Pc2wZsQ (linux-2.5)
+# description: fix cmdline race that could allow users to read new process data
+# inclusion: 2.6.10 (backport)
+# revision date: 2005-02-17
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/11/22 08:43:25-08:00 pmeda@akamai.com 
+#   [PATCH] /proc/cmdline missing mmput
+#   
+#   Fix the mmput bug introduced while fixing cmdline race.
+#   
+#   Signed-off-by: Prasanna Meda <pmeda@akamai.com>
+#   Signed-off-by: Andrew Morton <akpm@osdl.org>
+#   Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+# 
+# fs/proc/base.c
+#   2004/11/21 22:42:29-08:00 pmeda@akamai.com +2 -2
+#   /proc/cmdline missing mmput
+# 
+diff -Nru a/fs/proc/base.c b/fs/proc/base.c
+--- a/fs/proc/base.c	2005-02-17 12:26:02 -08:00
++++ b/fs/proc/base.c	2005-02-17 12:26:02 -08:00
+@@ -343,7 +343,7 @@
+ 	if (!mm)
+ 		goto out;
+ 	if (!mm->arg_end)
+-		goto out;	/* Shh! No looking before we're done */
++		goto out_mm;	/* Shh! No looking before we're done */
+ 
+  	len = mm->arg_end - mm->arg_start;
+  
+@@ -366,8 +366,8 @@
+ 			res = strnlen(buffer, res);
+ 		}
+ 	}
++out_mm:
+ 	mmput(mm);
+-
+ out:
+ 	return res;
+ }
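
Review bot: This file is identical to the 2.6.8 copy, including the embedded hunk positions (-343,7 and -366,8), and its "-" line requires the "if (!mm->arg_end) goto out;" check to already be present in fs/proc/base.c. Confirm that the 2.6.9 tree carries the earlier cmdline race fix ahead of this entry in the series and that the patch applies there without offset or fuzz. If the race fix comes from another dpatch, name it in the header as a dependency so the ordering in the series file is not broken later.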

Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-6
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-6	2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-6	2005-02-17 20:30:07 UTC (rev 2512)
@@ -4,3 +4,4 @@
 + au88x0-use-short-name.dpatch 
 + skb-reset-ip_summed.dpatch
 + sparc64-nis-killer.dpatch
++ proc-cmdline-mmput-leak.dpatch