[kernel] r7240 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Sun Aug 27 02:46:03 UTC 2006
Author: dannf
Date: Sun Aug 27 02:46:02 2006
New Revision: 7240
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check-compat.dpatch
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
Log:
* readv-writev-missing-lsm-check.dpatch,
readv-writev-missing-lsm-check-compat.dpatch
[SECURITY] Add missing file_permission callback in readv/writev syscalls
See CVE-2006-1856
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Sun Aug 27 02:46:02 2006
@@ -36,8 +36,12 @@
[SECURITY] Remove bogus BUG() in exit.c which could be maliciously
triggered by a local user
See CVE-2006-1855
+ * readv-writev-missing-lsm-check.dpatch,
+ readv-writev-missing-lsm-check-compat.dpatch
+ [SECURITY] Add missing file_permission callback in readv/writev syscalls
+ See CVE-2006-1856
- -- dann frazier <dannf at debian.org> Thu, 17 Aug 2006 01:10:52 -0600
+ -- dann frazier <dannf at debian.org> Sat, 26 Aug 2006 20:40:31 -0600
kernel-source-2.6.8 (2.6.8-16sarge4) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check-compat.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check-compat.dpatch Sun Aug 27 02:46:02 2006
@@ -0,0 +1,35 @@
+From: James Morris <jmorris at namei.org>
+Date: Wed, 26 Apr 2006 06:45:03 +0000 (-0400)
+Subject: [PATCH] LSM: add missing hook to do_compat_readv_writev()
+X-Git-Tag: v2.6.17-rc3
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e7edf9cdeddc0cff125e8e658216efb2ff2b2219
+
+[PATCH] LSM: add missing hook to do_compat_readv_writev()
+
+This patch addresses a flaw in LSM, where there is no mediation of readv()
+and writev() in for 32-bit compatible apps using a 64-bit kernel.
+
+This bug was discovered and fixed initially in the native readv/writev
+code [1], but was not fixed in the compat code. Thanks to Al for spotting
+this one.
+
+ [1] http://lwn.net/Articles/154282/
+
+Signed-off-by: James Morris <jmorris at namei.org>
+Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/fs/compat.c
++++ b/fs/compat.c
+@@ -1217,6 +1217,10 @@ static ssize_t compat_do_readv_writev(in
+ if (ret < 0)
+ goto out;
+
++ ret = security_file_permission(file, type == READ ? MAY_READ:MAY_WRITE);
++ if (ret)
++ goto out;
++
+ fnv = NULL;
+ if (type == READ) {
+ fn = file->f_op->read;
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/readv-writev-missing-lsm-check.dpatch Sun Aug 27 02:46:02 2006
@@ -0,0 +1,33 @@
+From: Kostik Belousov <kostikbel at gmail.com>
+Date: Wed, 28 Sep 2005 15:21:28 +0000 (+0300)
+Subject: [PATCH] readv/writev syscalls are not checked by lsm
+X-Git-Tag: v2.6.14-rc3
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=411b67b4b6a4dd1e0292a6a58dd753978179d173
+
+[PATCH] readv/writev syscalls are not checked by lsm
+
+it seems that readv(2)/writev(2) syscalls do not call
+file_permission callback. Looks like this is overlook.
+
+I have filled the issue into redhat bugzilla as
+https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169433
+and got the recommendation to post this on lsm mailing list.
+
+The following trivial patch solves the problem.
+
+Signed-off-by: Kostik Belousov <kostikbel at gmail.com>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+---
+
+--- a/fs/read_write.c
++++ b/fs/read_write.c
+@@ -499,6 +499,9 @@ static ssize_t do_readv_writev(int type,
+ ret = rw_verify_area(type, file, pos, tot_len);
+ if (ret)
+ goto out;
++ ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE);
++ if (ret)
++ goto out;
+
+ fnv = NULL;
+ if (type == READ) {
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5 Sun Aug 27 02:46:02 2006
@@ -7,3 +7,5 @@
+ netfilter-SO_ORIGINAL_DST-leak.dpatch
+ sg-no-mmap-VM_IO.dpatch
+ exit-bogus-bugon.dpatch
++ readv-writev-missing-lsm-check.dpatch
++ readv-writev-missing-lsm-check-compat.dpatch
More information about the Kernel-svn-changes
mailing list