[kernel] r7179 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series
Dann Frazier
dannf at costa.debian.org
Thu Aug 17 06:05:06 UTC 2006
Author: dannf
Date: Thu Aug 17 06:05:04 2006
New Revision: 7179
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/selinux-tracer-SID-fix.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
Log:
* selinux-tracer-SID-fix.dpatch
[SECURITY] Fix vulnerability in selinux_ptrace that prevents local
users from changing the tracer SID to the SID of another process
See CVE-2006-1052
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Thu Aug 17 06:05:04 2006
@@ -19,8 +19,12 @@
crafted DVD, USB stick, or similar automatically mounted device.
See CVE-2006-2935
* usb-serial-ftdi_sio-dos.patch: fix userspace DoS in ftdi_sio driver
+ * selinux-tracer-SID-fix.dpatch
+ [SECURITY] Fix vulnerability in selinux_ptrace that prevents local
+ users from changing the tracer SID to the SID of another process
+ See CVE-2006-1052
- -- dann frazier <dannf at debian.org> Wed, 16 Aug 2006 21:28:23 -0600
+ -- dann frazier <dannf at debian.org> Thu, 17 Aug 2006 00:00:32 -0600
kernel-source-2.6.8 (2.6.8-16sarge4) stable-security; urgency=high
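Review bot: The added changelog entry reads as if the vulnerability itself "prevents local users from changing the tracer SID", which inverts the meaning; it is the fix that prevents this. Suggest wording along the lines of "Fix vulnerability in selinux_ptrace that allowed local users to change the tracer SID to the SID of another process", which lines up with the embedded patch description ("not reset the tracer SID when the child is already being traced"). Separately, the context line above names usb-serial-ftdi_sio-dos.patch while the series file lists usb-serial-ftdi_sio-dos.dpatch; the two should agree.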
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/selinux-tracer-SID-fix.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/selinux-tracer-SID-fix.dpatch Thu Aug 17 06:05:04 2006
@@ -0,0 +1,30 @@
+From: Stephen Smalley <sds at tycho.nsa.gov>
+Date: Sat, 11 Mar 2006 11:27:16 +0000 (-0800)
+Subject: [PATCH] selinux: tracer SID fix
+X-Git-Tag: v2.6.16-rc6
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=341c2d806b71cc3596afeb2d9bd26cd718e75202
+
+[PATCH] selinux: tracer SID fix
+
+Fix SELinux to not reset the tracer SID when the child is already being
+traced, since selinux_ptrace is also called by proc for access checking
+outside of the context of a ptrace attach.
+
+Signed-off-by: Stephen Smalley <sds at tycho.nsa.gov>
+Acked-by: James Morris <jmorris at namei.org>
+Acked-by: Chris Wright <chrisw at sous-sol.org>
+Signed-off-by: Andrew Morton <akpm at osdl.org>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -1262,7 +1262,7 @@ static int selinux_ptrace(struct task_st
+
+ rc = task_has_perm(parent, child, PROCESS__PTRACE);
+ /* Save the SID of the tracing process for later use in apply_creds. */
+- if (!rc)
++ if (!(child->ptrace & PT_PTRACED) && !rc)
+ csec->ptrace_sid = psec->sid;
+ return rc;
+ }
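Review bot: In the selinux_ptrace hunk, the comment "Save the SID of the tracing process for later use in apply_creds" no longer describes the condition beneath it, because the assignment to csec->ptrace_sid is now skipped when child->ptrace has PT_PTRACED set. Suggest extending the comment to say that the SID is recorded only when the child is not already being traced, since the hook is also reached from proc access checks (as the patch description states), so that a later reader does not simplify the test back to "if (!rc)". The hunk header and X-Git-Tag also come from v2.6.16-rc6 while the target is the 2.6.8 tree, so it is worth confirming that the hunk applies at the intended place in security/selinux/hooks.c without fuzz.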
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5 Thu Aug 17 06:05:04 2006
@@ -3,3 +3,4 @@
+ nfs-handle-long-symlinks.dpatch
+ cdrom-bad-cgc.buflen-assign.dpatch
+ usb-serial-ftdi_sio-dos.dpatch
++ selinux-tracer-SID-fix.dpatch