[kernel] r4849 - in dists/sid/linux-2.6/debian: . patches-debian patches-debian/series

Dann Frazier dannf at costa.debian.org
Sun Nov 20 07:26:14 UTC 2005 

Author: dannf
Date: Sun Nov 20 07:26:13 2005
New Revision: 4849

Added:
   dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4
   dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-1.patch
   dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-2.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
Log:
* setkeys-needs-root-1.patch, setkeys-needs-root-2.patch:
  [SECURITY] Require root privilege to write the current
  function key string entry of other user's terminals.
  See CVE-2005-3257 (Closes: #334113)

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Sun Nov 20 07:26:13 2005
@@ -1,3 +1,12 @@
+linux-2.6 (2.6.14-4) UNRELEASED; urgency=low
+
+  * setkeys-needs-root-1.patch, setkeys-needs-root-2.patch:
+    [SECURITY] Require root privilege to write the current
+    function key string entry of other user's terminals.
+    See CVE-2005-3257 (Closes: #334113)
+
+ -- dann frazier <dannf at debian.org>  Sun, 20 Nov 2005 00:15:31 -0700
+
 linux-2.6 (2.6.14-3) unstable; urgency=low
 
   [ Norbert Tretkowski ]

Added: dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4	Sun Nov 20 07:26:13 2005
@@ -0,0 +1,2 @@
++ setkeys-needs-root-1.patch
++ setkeys-needs-root-2.patch

Added: dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-1.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-1.patch	Sun Nov 20 07:26:13 2005
@@ -0,0 +1,27 @@
+From: Andrew Morton <akpm at osdl.org>
+Date: Sun, 30 Oct 2005 23:03:02 +0000 (-0800)
+Subject:     [PATCH] setkeys needs root
+X-Git-Tag: v2.6.15-rc1
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
+
+  [PATCH] setkeys needs root
+  
+  Because people can play games reprogramming keys and leaving traps for the
+  next user of the console.
+  
+  Signed-off-by: Andrew Morton <akpm at osdl.org>
+  Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/drivers/char/vt_ioctl.c
++++ b/drivers/char/vt_ioctl.c
+@@ -192,6 +192,9 @@ do_kdgkb_ioctl(int cmd, struct kbsentry 
+ 	int i, j, k;
+ 	int ret;
+ 
++	if (!capable(CAP_SYS_TTY_CONFIG))
++		return -EPERM;
++
+ 	kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
+ 	if (!kbs) {
+ 		ret = -ENOMEM;

Added: dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-2.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-2.patch	Sun Nov 20 07:26:13 2005
@@ -0,0 +1,37 @@
+From: Marcelo Tosatti <marcelo.tosatti at cyclades.com>
+Date: Mon, 7 Nov 2005 08:59:34 +0000 (-0800)
+Subject:     [PATCH] Only disallow _setting_ of function key string
+X-Git-Tag: v2.6.15-rc1
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e3f17f0f6e98f58edb13cb38810d93e6d4808e68
+
+  [PATCH] Only disallow _setting_ of function key string
+  
+  Mikael Pettersson <mikpe at csd.uu.se> noted that the current 2.6-git (and 2.4)
+  patch to disallow KDSKBSENT for unpriviledged users should be less restrictive
+  allowing reading of current function key string entry, but not writing.
+  
+  Signed-off-by: Andrew Morton <akpm at osdl.org>
+  Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/drivers/char/vt_ioctl.c
++++ b/drivers/char/vt_ioctl.c
+@@ -80,6 +80,9 @@ do_kdsk_ioctl(int cmd, struct kbentry __
+ 	if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
+ 		return -EFAULT;
+ 
++	if (!capable(CAP_SYS_TTY_CONFIG))
++		perm = 0;
++
+ 	switch (cmd) {
+ 	case KDGKBENT:
+ 		key_map = key_maps[s];
+@@ -193,7 +196,7 @@ do_kdgkb_ioctl(int cmd, struct kbsentry 
+ 	int ret;
+ 
+ 	if (!capable(CAP_SYS_TTY_CONFIG))
+-		return -EPERM;
++		perm = 0;
+ 
+ 	kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
+ 	if (!kbs) {

More information about the Kernel-svn-changes mailing list