r2512 - in trunk/kernel/source: kernel-source-2.6.8-2.6.8/debian kernel-source-2.6.8-2.6.8/debian/patches kernel-source-2.6.8-2.6.8/debian/patches/series kernel-source-2.6.9-2.6.9/debian kernel-source-2.6.9-2.6.9/debian/patches kernel-source-2.6.9-2.6.9/debian/patches/series
Joshua Kwan
joshk@costa.debian.org
Thu, 17 Feb 2005 21:30:08 +0100
Author: joshk
Date: 2005-02-17 21:30:07 +0100 (Thu, 17 Feb 2005)
New Revision: 2512
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-cmdline-mmput-leak.dpatch
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/proc-cmdline-mmput-leak.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-6
Log:
proc-cmdline-mmput-leak.dpatch: [CAN-2004-1058] fix race that could allow user processes to read environment data from processes in the middle of spawning.
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-02-17 20:30:07 UTC (rev 2512)
@@ -34,8 +34,12 @@
* au88x0-use-short-name.dpatch: Use CARD_SHORT_NAME in au88x0.c to allow
card-specific driver names (CARD_SHORT_NAME is redefined by each driver.)
(Joshua Kwan)
+
+ * proc-cmdline-mmput-leak.dpatch: [CAN-2004-1058] fix race that could
+ allow user processes to read environment data from processes in the
+ middle of spawning. (Joshua Kwan)
- -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 11:15:10 -0800
+ -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 12:27:56 -0800
kernel-source-2.6.8 (2.6.8-13) unstable; urgency=high
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-cmdline-mmput-leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-cmdline-mmput-leak.dpatch 2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-cmdline-mmput-leak.dpatch 2005-02-17 20:30:07 UTC (rev 2512)
@@ -0,0 +1,44 @@
+# origin: bk
+# key: 41a2172dHEUBTuxDtKQTo13Pc2wZsQ (linux-2.5)
+# description: fix cmdline race that could allow users to read new process data
+# inclusion: 2.6.10 (backport)
+# revision date: 2005-02-17
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/11/22 08:43:25-08:00 pmeda@akamai.com
+# [PATCH] /proc/cmdline missing mmput
+#
+# Fix the mmput bug introduced while fixing cmdline race.
+#
+# Signed-off-by: Prasanna Meda <pmeda@akamai.com>
+# Signed-off-by: Andrew Morton <akpm@osdl.org>
+# Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+#
+# fs/proc/base.c
+# 2004/11/21 22:42:29-08:00 pmeda@akamai.com +2 -2
+# /proc/cmdline missing mmput
+#
+diff -Nru a/fs/proc/base.c b/fs/proc/base.c
+--- a/fs/proc/base.c 2005-02-17 12:26:02 -08:00
++++ b/fs/proc/base.c 2005-02-17 12:26:02 -08:00
+@@ -343,7 +343,7 @@
+ if (!mm)
+ goto out;
+ if (!mm->arg_end)
+- goto out; /* Shh! No looking before we're done */
++ goto out_mm; /* Shh! No looking before we're done */
+
+ len = mm->arg_end - mm->arg_start;
+
+@@ -366,8 +366,8 @@
+ res = strnlen(buffer, res);
+ }
+ }
++out_mm:
+ mmput(mm);
+-
+ out:
+ return res;
+ }
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14 2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14 2005-02-17 20:30:07 UTC (rev 2512)
@@ -8,3 +8,4 @@
+ skb-reset-ip_summed.dpatch
+ sparc64-nis-killer.dpatch
+ au88x0-use-short-name.dpatch
++ proc-cmdline-mmput-leak.dpatch
Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog 2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/changelog 2005-02-17 20:30:07 UTC (rev 2512)
@@ -35,6 +35,8 @@
that (as a side effect) caused NIS to flatten a sparc64 machine.
closes: #295627 (Joshua Kwan)
+ * proc-cmdline-mmput-leak.dpatch: [CAN-2004-1058] fix race that could allow user processes to read environment data from processes in the middle of spawning. (Joshua Kwan)
+
-- Joshua Kwan <joshk@triplehelix.org> Wed, 16 Feb 2005 17:50:54 -0800
kernel-source-2.6.9 (2.6.9-5) unstable; urgency=low
Added: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/proc-cmdline-mmput-leak.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/proc-cmdline-mmput-leak.dpatch 2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/proc-cmdline-mmput-leak.dpatch 2005-02-17 20:30:07 UTC (rev 2512)
@@ -0,0 +1,44 @@
+# origin: bk
+# key: 41a2172dHEUBTuxDtKQTo13Pc2wZsQ (linux-2.5)
+# description: fix cmdline race that could allow users to read new process data
+# inclusion: 2.6.10 (backport)
+# revision date: 2005-02-17
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/11/22 08:43:25-08:00 pmeda@akamai.com
+# [PATCH] /proc/cmdline missing mmput
+#
+# Fix the mmput bug introduced while fixing cmdline race.
+#
+# Signed-off-by: Prasanna Meda <pmeda@akamai.com>
+# Signed-off-by: Andrew Morton <akpm@osdl.org>
+# Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+#
+# fs/proc/base.c
+# 2004/11/21 22:42:29-08:00 pmeda@akamai.com +2 -2
+# /proc/cmdline missing mmput
+#
+diff -Nru a/fs/proc/base.c b/fs/proc/base.c
+--- a/fs/proc/base.c 2005-02-17 12:26:02 -08:00
++++ b/fs/proc/base.c 2005-02-17 12:26:02 -08:00
+@@ -343,7 +343,7 @@
+ if (!mm)
+ goto out;
+ if (!mm->arg_end)
+- goto out; /* Shh! No looking before we're done */
++ goto out_mm; /* Shh! No looking before we're done */
+
+ len = mm->arg_end - mm->arg_start;
+
+@@ -366,8 +366,8 @@
+ res = strnlen(buffer, res);
+ }
+ }
++out_mm:
+ mmput(mm);
+-
+ out:
+ return res;
+ }
Modified: trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-6
===================================================================
--- trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-6 2005-02-17 20:29:32 UTC (rev 2511)
+++ trunk/kernel/source/kernel-source-2.6.9-2.6.9/debian/patches/series/2.6.9-6 2005-02-17 20:30:07 UTC (rev 2512)
@@ -4,3 +4,4 @@
+ au88x0-use-short-name.dpatch
+ skb-reset-ip_summed.dpatch
+ sparc64-nis-killer.dpatch
++ proc-cmdline-mmput-leak.dpatch