r2517 - in trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series
Joshua Kwan
joshk@costa.debian.org
Fri, 18 Feb 2005 00:18:16 +0100
Author: joshk
Date: 2005-02-18 00:18:15 +0100 (Fri, 18 Feb 2005)
New Revision: 2517
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/025-track_dummy_capability.dpatch
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/027-track_dummy_capability-2.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
Log:
add root cap priv esclation hole fix from 2.6.10
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-02-17 23:12:56 UTC (rev 2516)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-02-17 23:18:15 UTC (rev 2517)
@@ -34,12 +34,18 @@
* au88x0-use-short-name.dpatch: Use CARD_SHORT_NAME in au88x0.c to allow
card-specific driver names (CARD_SHORT_NAME is redefined by each driver.)
(Joshua Kwan)
-
+
* proc-cmdline-mmput-leak.dpatch: [CAN-2004-1058] fix race that could
allow user processes to read environment data from processes in the
middle of spawning. (Joshua Kwan)
+
+ * 025-track_dummy_capability.dpatch, 027-track_dummy_capability.dpatch:
+ [CAN-2004-1337] The dummy capabilities module wasn't keeping track of
+ processes capabilities; so, when a capabilities module was loaded,
+ all untracked processes would magically be given root capabilities.
+ Backport from 2.6.10's kernel-source. (Joshua Kwan)
- -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 12:27:56 -0800
+ -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 15:15:00 -0800
kernel-source-2.6.8 (2.6.8-13) unstable; urgency=high
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/025-track_dummy_capability.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/025-track_dummy_capability.dpatch 2005-02-17 23:12:56 UTC (rev 2516)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/025-track_dummy_capability.dpatch 2005-02-17 23:18:15 UTC (rev 2517)
@@ -0,0 +1,61 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: [PATCH] track capabilities in default dummy security module code
+## DP: Patch author: chrisw@osdl.org
+## DP: Upstream status: backported
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/01/04 13:54:13-08:00 chrisw@osdl.org
+# [PATCH] track capabilities in default dummy security module code
+#
+# Switch dummy logic around to set cap_* bits during exec and set*uid based
+# on basic uid check. Then check cap_* bits during capable() (rather than
+# doing basic uid check). This ensures that capability bits are properly
+# initialized in case the capability module is later loaded.
+#
+# Signed-off-by: Chris Wright <chrisw@osdl.org>
+# Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+#
+# security/dummy.c
+# 2005/01/04 13:14:10-08:00 chrisw@osdl.org +3 -4
+# track capabilities in default dummy security module code
+#
+diff -Nru a/security/dummy.c b/security/dummy.c
+--- a/security/dummy.c 2005-01-04 20:00:14 -08:00
++++ b/security/dummy.c 2005-01-04 20:00:14 -08:00
+@@ -74,11 +74,8 @@
+
+ static int dummy_capable (struct task_struct *tsk, int cap)
+ {
+- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
+- /* capability granted */
++ if (cap_raised (tsk->cap_effective, cap))
+ return 0;
+-
+- /* capability denied */
+ return -EPERM;
+ }
+
+@@ -183,6 +180,7 @@
+
+ static void dummy_bprm_free_security (struct linux_binprm *bprm)
+ {
++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
+ return;
+ }
+
+@@ -558,6 +556,7 @@
+
+ static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+ {
++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
+ return 0;
+ }
+
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/027-track_dummy_capability-2.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/027-track_dummy_capability-2.dpatch 2005-02-17 23:12:56 UTC (rev 2516)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/027-track_dummy_capability-2.dpatch 2005-02-17 23:18:15 UTC (rev 2517)
@@ -0,0 +1,50 @@
+#! /bin/sh -e
+## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: [PATCH] fix up dummy security module code merge
+## DP: Patch author: chrisw@osdl.org
+## DP: Upstream status: backported
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/01/04 15:59:03-08:00 chrisw@osdl.org
+# [PATCH] fix up dummy security module code merge
+#
+# OK, somehow I managed to botch this one. It happens to work fine, but I
+# should have been more careful with forward porting this 1+ year old patch.
+# The exec-time calc should go in bprm_apply_creds, not bprm_free_security.
+#
+# Thanks to Stephen for spotting my mistake.
+#
+# Signed-off-by: Chris Wright <chrisw@osdl.org>
+# Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+#
+# security/dummy.c
+# 2005/01/04 14:45:31-08:00 chrisw@osdl.org +2 -1
+# fix up dummy security module code merge
+#
+diff -Nru a/security/dummy.c b/security/dummy.c
+--- a/security/dummy.c 2005-01-04 20:05:02 -08:00
++++ b/security/dummy.c 2005-01-04 20:05:02 -08:00
+@@ -180,7 +180,6 @@
+
+ static void dummy_bprm_free_security (struct linux_binprm *bprm)
+ {
+- dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
+ return;
+ }
+
+@@ -197,6 +196,8 @@
+
+ current->suid = current->euid = current->fsuid = bprm->e_uid;
+ current->sgid = current->egid = current->fsgid = bprm->e_gid;
++
++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
+ }
+
+ static int dummy_bprm_set_security (struct linux_binprm *bprm)
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14 2005-02-17 23:12:56 UTC (rev 2516)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14 2005-02-17 23:18:15 UTC (rev 2517)
@@ -9,3 +9,5 @@
+ sparc64-nis-killer.dpatch
+ au88x0-use-short-name.dpatch
+ proc-cmdline-mmput-leak.dpatch
++ 025-track_dummy_capability.dpatch
++ 027-track_dummy_capability-2.dpatch