[kernel] r4849 - in dists/sid/linux-2.6/debian: . patches-debian
patches-debian/series
Dann Frazier
dannf at costa.debian.org
Sun Nov 20 07:26:14 UTC 2005
Author: dannf
Date: Sun Nov 20 07:26:13 2005
New Revision: 4849
Added:
dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4
dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-1.patch
dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-2.patch
Modified:
dists/sid/linux-2.6/debian/changelog
Log:
* setkeys-needs-root-1.patch, setkeys-needs-root-2.patch:
[SECURITY] Require root privilege to write the current
function key string entry of other user's terminals.
See CVE-2005-3257 (Closes: #334113)
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Sun Nov 20 07:26:13 2005
@@ -1,3 +1,12 @@
+linux-2.6 (2.6.14-4) UNRELEASED; urgency=low
+
+ * setkeys-needs-root-1.patch, setkeys-needs-root-2.patch:
+ [SECURITY] Require root privilege to write the current
+ function key string entry of other user's terminals.
+ See CVE-2005-3257 (Closes: #334113)
+
+ -- dann frazier <dannf at debian.org> Sun, 20 Nov 2005 00:15:31 -0700
+
linux-2.6 (2.6.14-3) unstable; urgency=low
[ Norbert Tretkowski ]
Added: dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4 Sun Nov 20 07:26:13 2005
@@ -0,0 +1,2 @@
++ setkeys-needs-root-1.patch
++ setkeys-needs-root-2.patch
Added: dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-1.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-1.patch Sun Nov 20 07:26:13 2005
@@ -0,0 +1,27 @@
+From: Andrew Morton <akpm at osdl.org>
+Date: Sun, 30 Oct 2005 23:03:02 +0000 (-0800)
+Subject: [PATCH] setkeys needs root
+X-Git-Tag: v2.6.15-rc1
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b360adbdb54d5b98b78d57ba0916bc4b8871968
+
+ [PATCH] setkeys needs root
+
+ Because people can play games reprogramming keys and leaving traps for the
+ next user of the console.
+
+ Signed-off-by: Andrew Morton <akpm at osdl.org>
+ Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/drivers/char/vt_ioctl.c
++++ b/drivers/char/vt_ioctl.c
+@@ -192,6 +192,9 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
+ int i, j, k;
+ int ret;
+
++ if (!capable(CAP_SYS_TTY_CONFIG))
++ return -EPERM;
++
+ kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
+ if (!kbs) {
+ ret = -ENOMEM;
Added: dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-2.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches-debian/setkeys-needs-root-2.patch Sun Nov 20 07:26:13 2005
@@ -0,0 +1,37 @@
+From: Marcelo Tosatti <marcelo.tosatti at cyclades.com>
+Date: Mon, 7 Nov 2005 08:59:34 +0000 (-0800)
+Subject: [PATCH] Only disallow _setting_ of function key string
+X-Git-Tag: v2.6.15-rc1
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e3f17f0f6e98f58edb13cb38810d93e6d4808e68
+
+ [PATCH] Only disallow _setting_ of function key string
+
+ Mikael Pettersson <mikpe at csd.uu.se> noted that the current 2.6-git (and 2.4)
+ patch to disallow KDSKBSENT for unpriviledged users should be less restrictive
+ allowing reading of current function key string entry, but not writing.
+
+ Signed-off-by: Andrew Morton <akpm at osdl.org>
+ Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/drivers/char/vt_ioctl.c
++++ b/drivers/char/vt_ioctl.c
+@@ -80,6 +80,9 @@ do_kdsk_ioctl(int cmd, struct kbentry __
+ if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
+ return -EFAULT;
+
++ if (!capable(CAP_SYS_TTY_CONFIG))
++ perm = 0;
++
+ switch (cmd) {
+ case KDGKBENT:
+ key_map = key_maps[s];
+@@ -193,7 +196,7 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
+ int ret;
+
+ if (!capable(CAP_SYS_TTY_CONFIG))
+- return -EPERM;
++ perm = 0;
+
+ kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
+ if (!kbs) {
More information about the Kernel-svn-changes
mailing list