[kernel] r4851 - in
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian:
. patches patches/series
Dann Frazier
dannf at costa.debian.org
Sun Nov 20 08:07:13 UTC 2005
Author: dannf
Date: Sun Nov 20 08:07:12 2005
New Revision: 4851
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_setkeys-needs-root-1.diff
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_setkeys-needs-root-2.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
Log:
* setkeys-needs-root-1.diff, setkeys-needs-root-2.diff:
[SECURITY] Require root privilege to write the current
function key string entry of other user's terminals.
See CVE-2005-3257
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Sun Nov 20 08:07:12 2005
@@ -44,8 +44,13 @@
# * 196_sysctl-unregistration-oops.patch
# [SECURITY] Fix a potential local root exploit in the
# /proc/sys/net/ipv4/conf interface. See CVE-2005-2709
-
- -- dann frazier <dannf at debian.org> Fri, 18 Nov 2005 11:04:04 -0700
+
+ * setkeys-needs-root-1.diff, setkeys-needs-root-2.diff:
+ [SECURITY] Require root privilege to write the current
+ function key string entry of other user's terminals.
+ See CVE-2005-3257
+
+ -- dann frazier <dannf at debian.org> Sun, 20 Nov 2005 01:02:24 -0700
kernel-source-2.4.27 (2.4.27-10sarge1) stable-security; urgency=high
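Review bot: the new changelog entry names the patches as setkeys-needs-root-1.diff and setkeys-needs-root-2.diff, without the 197_ prefix that the added files and the series entries carry, while the entry just above it keeps its number (196_sysctl-unregistration-oops.patch). Writing the full names, 197_setkeys-needs-root-1.diff and 197_setkeys-needs-root-2.diff, would let someone reading the changelog find the files directly.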
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_setkeys-needs-root-1.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_setkeys-needs-root-1.diff Sun Nov 20 08:07:12 2005
@@ -0,0 +1,23 @@
+From: Andrew Morton <akpm at osdl.org>
+Date: Tue, 18 Oct 2005 04:41:48 +0000 (+0900)
+Subject: [PATCH] loadkeys requires root priviledges
+X-Git-Tag: v2.4.32-rc2
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=2afb6d8ea04e81a1547e8e51b7550a8fd69b9fce
+
+ [PATCH] loadkeys requires root priviledges
+
+ Signed-off-by: Andrew Morton <akpm at osdl.org>
+---
+
+--- a/drivers/char/vt.c
++++ b/drivers/char/vt.c
+@@ -276,6 +276,9 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
+ char *first_free, *fj, *fnw;
+ int i, j, k;
+
++ if (!capable(CAP_SYS_TTY_CONFIG))
++ return -EPERM;
++
+ /* we mostly copy too much here (512bytes), but who cares ;) */
+ if (copy_from_user(&tmp, user_kdgkb, sizeof(struct kbsentry)))
+ return -EFAULT;
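Review bot: the capable(CAP_SYS_TTY_CONFIG) test sits at the top of do_kdgkb_ioctl, ahead of the copy_from_user and before anything looks at cmd, so every request through this function gets -EPERM for an unprivileged caller, reads included. If the intent is only to stop unprivileged writes of the function key string, the check belongs on the set path alone. The patch description is also just the subject line repeated; it should say which operation is being restricted and why.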
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_setkeys-needs-root-2.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/197_setkeys-needs-root-2.diff Sun Nov 20 08:07:12 2005
@@ -0,0 +1,38 @@
+From: Marcelo Tosatti <marcelo.tosatti at cyclades.com>
+Date: Tue, 1 Nov 2005 16:03:08 +0000 (-0200)
+Subject: [PATCH] only disallow _setting_ of function key string
+X-Git-Tag: v2.4.32-rc3
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=f7d4ff67d9c7481f720885e5ec37111bb081921f
+
+ [PATCH] only disallow _setting_ of function key string
+
+ Mikael Pettersson <mikpe at csd.uu.se> noted that the current 2.6-git (and
+ 2.4) patch to disallow KDSKBSENT for unpriviledged users should be less
+ restrictive allowing reading of current function key string entry, but
+ not writing.
+
+ Signed-off-by: Marcelo Tosatti <marcelo.tosatti at cyclades.com>
+ Signed-off-by: Andrew Morton <akpm at osdl.org>
+---
+
+--- a/drivers/char/vt.c
++++ b/drivers/char/vt.c
+@@ -166,6 +166,9 @@ do_kdsk_ioctl(int cmd, struct kbentry *u
+ if (i >= NR_KEYS || s >= MAX_NR_KEYMAPS)
+ return -EINVAL;
+
++ if (!capable(CAP_SYS_TTY_CONFIG))
++ perm = 0;
++
+ switch (cmd) {
+ case KDGKBENT:
+ key_map = key_maps[s];
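Review bot: this hunk puts a capability check in do_kdsk_ioctl, but the subject and description speak only of the function key string (KDSKBSENT); the key map entry path is not mentioned. The description should say that unprivileged callers lose perm here as well, and since perm is neither declared nor consumed in the visible context, a short comment at `perm = 0;` saying where perm comes from and which case tests it would help the next reader.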
+@@ -277,7 +280,7 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
+ int i, j, k;
+
+ if (!capable(CAP_SYS_TTY_CONFIG))
+- return -EPERM;
++ perm = 0;
+
+ /* we mostly copy too much here (512bytes), but who cares ;) */
+ if (copy_from_user(&tmp, user_kdgkb, sizeof(struct kbsentry)))
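Review bot: with `return -EPERM;` replaced by `perm = 0;`, do_kdgkb_ioctl no longer rejects anything at this point, and the denial now depends on code outside the visible context testing perm before the set operation changes anything. Worth confirming that the set case checks perm and returns -EPERM before any write to the function key strings, and that the copy_from_user which unprivileged callers now reach has no effect beyond filling tmp.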
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2 Sun Nov 20 08:07:12 2005
@@ -5,3 +5,5 @@
+ 194_xfs-inode-race.diff
+ 195_net-ipv6-udp_v6_get_port-loop.diff
# ABI CHANGE 196_sysctl-unregistration-oops.diff
++ 197_setkeys-needs-root-1.diff
++ 197_setkeys-needs-root-2.diff
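Review bot: 197_setkeys-needs-root-2.diff rewrites the `return -EPERM;` line that 197_setkeys-needs-root-1.diff adds, so the second entry only applies on top of the first, and both share the number 197. A comment on these series lines recording that dependency, in the way the 196 entry carries its ABI CHANGE remark, would keep one from being dropped or reordered without the other.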