r3045 - in trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series
Simon Horman
horms@costa.debian.org
Thu, 12 May 2005 07:29:23 +0000
Author: horms
Date: 2005-05-12 07:29:22 +0000 (Thu, 12 May 2005)
New Revision: 3045
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-binfmt_elf-dump-privelage.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16
Log:
Linux kernel ELF core dump privilege elevation. See CAN-2005-1263. (closes: #308634, #308724).
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-05-12 05:58:57 UTC (rev 3044)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-05-12 07:29:22 UTC (rev 3045)
@@ -145,8 +145,12 @@
DoS vulnerability in fib_seq_start()
See CAN-2005-1041. (closes: #304548). (Simon Horman)
- -- Simon Horman <horms@debian.org> Wed, 11 May 2005 17:37:32 +0900
+ * fs-binfmt_elf-dump-privelage.dpatch:
+ Linux kernel ELF core dump privilege elevation
+ See CAN-2005-1263. (closes: #308634, #308724). (Simon Horman)
+ -- Simon Horman <horms@debian.org> Thu, 12 May 2005 16:25:40 +0900
+
kernel-source-2.6.8 (2.6.8-15) unstable; urgency=high
* [Security] Fix race in radeon driver which can result
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-binfmt_elf-dump-privelage.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-binfmt_elf-dump-privelage.dpatch 2005-05-12 05:58:57 UTC (rev 3044)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-binfmt_elf-dump-privelage.dpatch 2005-05-12 07:29:22 UTC (rev 3045)
@@ -0,0 +1,58 @@
+# origin: gregkh (BitKeeper)
+# cset: 1.2139 (2.6) key=4282874aplNy__uGtYtIace0iYmemQ
+# URL: http://linux.bkbits.net:8080/linux-2.6/cset@4282874aplNy__uGtYtIace0iYmemQ
+# inclusion: upstream
+# descrition: [PATCH] fix Linux kernel ELF core dump privilege elevation
+# revision date: Thu, 12 May 2005 16:14:03 +0900
+#
+# S rset: ChangeSet|1.2138..1.2139
+# I rset: fs/binfmt_elf.c|1.104..1.105
+#
+# Key:
+# S: Skipped ChangeSet file only
+# O: Original Followed by Updated
+# U: Updated Included with updated range of versions
+# I: Included Included verbatim
+# E: Excluded Excluded on request from user
+# D: Deleted Manually deleted by subsequent user edit
+# R: Revised Manually revised by subsequent user edit
+#
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/05/11 15:29:30-07:00 gregkh@suse.de
+# [PATCH] fix Linux kernel ELF core dump privilege elevation
+#
+# As reported by Paul Starzetz <ihaquer@isec.pl>
+#
+# Reference: CAN-2005-1263
+#
+# Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+#
+# fs/binfmt_elf.c
+# 2005/05/11 11:15:50-07:00 gregkh@suse.de +2 -2
+# fix Linux kernel ELF core dump privilege elevation
+#
+#
+===== fs/binfmt_elf.c 1.104 vs 1.105 =====
+--- 1.104/fs/binfmt_elf.c 2005-03-21 09:56:41 +09:00
++++ 1.105/fs/binfmt_elf.c 2005-05-12 03:15:50 +09:00
+@@ -257,7 +257,7 @@ create_elf_tables(struct linux_binprm *b
+ }
+
+ /* Populate argv and envp */
+- p = current->mm->arg_start;
++ p = current->mm->arg_end = current->mm->arg_start;
+ while (argc-- > 0) {
+ size_t len;
+ __put_user((elf_addr_t)p, argv++);
+@@ -1279,7 +1279,7 @@ static void fill_prstatus(struct elf_prs
+ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
+ struct mm_struct *mm)
+ {
+- int i, len;
++ unsigned int i, len;
+
+ /* first copy the parameters from user space */
+ memset(psinfo, 0, sizeof(struct elf_prpsinfo));
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16 2005-05-12 05:58:57 UTC (rev 3044)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16 2005-05-12 07:29:22 UTC (rev 3045)
@@ -33,3 +33,4 @@
+ arch-sparc64-kernel-ptrace-cont-bogosity.dpatch
+ drivers-i2c-sysfs-permisions.dpatch
+ net-ipv4-fib_hash-crash.dpatch
++ fs-binfmt_elf-dump-privelage.dpatch