[kernel] r7240 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Dann Frazier dannf at costa.debian.org
Sun Aug 27 02:46:03 UTC 2006 

Author: dannf
Date: Sun Aug 27 02:46:02 2006
New Revision: 7240

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check-compat.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5

Log:
* readv-writev-missing-lsm-check.dpatch,
  readv-writev-missing-lsm-check-compat.dpatch
  [SECURITY] Add missing file_permission callback in readv/writev syscalls
  See CVE-2006-1856

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Sun Aug 27 02:46:02 2006
@@ -36,8 +36,12 @@
     [SECURITY] Remove bogus BUG() in exit.c which could be maliciously
     triggered by a local user
     See CVE-2006-1855
+  * readv-writev-missing-lsm-check.dpatch,
+    readv-writev-missing-lsm-check-compat.dpatch
+    [SECURITY] Add missing file_permission callback in readv/writev syscalls
+    See CVE-2006-1856
 
- -- dann frazier <dannf at debian.org>  Thu, 17 Aug 2006 01:10:52 -0600
+ -- dann frazier <dannf at debian.org>  Sat, 26 Aug 2006 20:40:31 -0600
 
 kernel-source-2.6.8 (2.6.8-16sarge4) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check-compat.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check-compat.dpatch	Sun Aug 27 02:46:02 2006
@@ -0,0 +1,35 @@
+From: James Morris <jmorris at namei.org>
+Date: Wed, 26 Apr 2006 06:45:03 +0000 (-0400)
+Subject: [PATCH] LSM: add missing hook to do_compat_readv_writev()
+X-Git-Tag: v2.6.17-rc3
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e7edf9cdeddc0cff125e8e658216efb2ff2b2219
+
+[PATCH] LSM: add missing hook to do_compat_readv_writev()
+
+This patch addresses a flaw in LSM, where there is no mediation of readv()
+and writev() in for 32-bit compatible apps using a 64-bit kernel.
+
+This bug was discovered and fixed initially in the native readv/writev
+code [1], but was not fixed in the compat code.  Thanks to Al for spotting
+this one.
+
+  [1] http://lwn.net/Articles/154282/
+
+Signed-off-by: James Morris <jmorris at namei.org>
+Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/fs/compat.c
++++ b/fs/compat.c
+@@ -1217,6 +1217,10 @@ static ssize_t compat_do_readv_writev(in
+ 	if (ret < 0)
+ 		goto out;
+ 
++	ret = security_file_permission(file, type == READ ? MAY_READ:MAY_WRITE);
++	if (ret)
++		goto out;
++
+ 	fnv = NULL;
+ 	if (type == READ) {
+ 		fn = file->f_op->read;

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check.dpatch	Sun Aug 27 02:46:02 2006
@@ -0,0 +1,33 @@
+From: Kostik Belousov <kostikbel at gmail.com>
+Date: Wed, 28 Sep 2005 15:21:28 +0000 (+0300)
+Subject: [PATCH] readv/writev syscalls are not checked by lsm
+X-Git-Tag: v2.6.14-rc3
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=411b67b4b6a4dd1e0292a6a58dd753978179d173
+
+[PATCH] readv/writev syscalls are not checked by lsm
+
+it seems that readv(2)/writev(2) syscalls do not call
+file_permission callback. Looks like this is overlook.
+
+I have filled the issue into redhat bugzilla as
+https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169433
+and got the recommendation to post this on lsm mailing list.
+
+The following trivial patch solves the problem.
+
+Signed-off-by: Kostik Belousov <kostikbel at gmail.com>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+---
+
+--- a/fs/read_write.c
++++ b/fs/read_write.c
+@@ -499,6 +499,9 @@ static ssize_t do_readv_writev(int type,
+ 	ret = rw_verify_area(type, file, pos, tot_len);
+ 	if (ret)
+ 		goto out;
++	ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE);
++	if (ret)
++		goto out;
+ 
+ 	fnv = NULL;
+ 	if (type == READ) {

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5	Sun Aug 27 02:46:02 2006
@@ -7,3 +7,5 @@
 + netfilter-SO_ORIGINAL_DST-leak.dpatch
 + sg-no-mmap-VM_IO.dpatch
 + exit-bogus-bugon.dpatch
++ readv-writev-missing-lsm-check.dpatch
++ readv-writev-missing-lsm-check-compat.dpatch

More information about the Kernel-svn-changes mailing list