[kernel] r5358 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Dann Frazier dannf at costa.debian.org
Sun Jan 8 21:13:44 UTC 2006


Author: dannf
Date: Sun Jan  8 21:13:38 2006
New Revision: 5358

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/201_ptrace-fix_self-attach_rule.diff
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
Log:
* [SECURITY] Use the thread group ID to check if it is a self-attach.  Fixes
  a local DoS (crash).  See CVE-2005-3783
  199_ptrace-fix_self-attach_rule.diff

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Sun Jan  8 21:13:38 2006
@@ -86,7 +86,11 @@
     Keep fragment queues private to each user. See CAN-2005-0449 and
     http://oss.sgi.com/archives/netdev/2005-01/msg01048.html
 
- -- Simon Horman <horms at verge.net.au>  Fri,  6 Jan 2006 14:54:46 +0900
+  * [SECURITY] Use the thread group ID to check if it a self-attach.  Fixes
+    a local DoS (crash).  See CVE-2005-3783
+    199_ptrace-fix_self-attach_rule.diff
+
+ -- dann frazier <dannf at debian.org>  Sun,  8 Jan 2006 14:07:11 -0700
 
 kernel-source-2.4.27 (2.4.27-10sarge1) stable-security; urgency=high
 
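Review bot: the last line of the new changelog entry names the patch 199_ptrace-fix_self-attach_rule.diff, but the file added in this revision, and the one appended to series/2.4.27-10sarge2, is 201_ptrace-fix_self-attach_rule.diff. The 199 prefix in that series already belongs to 199_net-ipv6-flowlabel-refcnt.diff. Change the line to 201_ptrace-fix_self-attach_rule.diff so the changelog points at the file that carries the CVE-2005-3783 fix. The entry also reads "if it a self-attach", where "if it is a self-attach" is presumably meant.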

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/201_ptrace-fix_self-attach_rule.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/201_ptrace-fix_self-attach_rule.diff	Sun Jan  8 21:13:38 2006
@@ -0,0 +1,32 @@
+From: Linus Torvalds <torvalds at osdl.org>
+Date: Tue, 29 Nov 2005 10:38:30 +0000 (+0100)
+Subject: [PATCH] Fix ptrace self-attach rule (2.6 backport)
+X-Git-Tag: v2.4.33-pre1
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=6eaf7c8bfa4df71040936323f04ec145f095b1ea
+
+[PATCH] Fix ptrace self-attach rule (2.6 backport)
+
+Patch-mainline: v2.6.14.2
+Acked-by: Karsten Keil <kkeil at suse.de>
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commitdiff;h=082d52c56f642d21b771a13221068d40915a1409
+
+  [PATCH] Fix ptrace self-attach rule
+
+  Before we did CLONE_THREAD, the way to check whether we were attaching
+  to ourselves was to just check "current == task", but with CLONE_THREAD
+  we should check that the thread group ID matches instead.
+
+  Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/kernel/ptrace.c
++++ b/kernel/ptrace.c
+@@ -58,7 +58,7 @@ int ptrace_attach(struct task_struct *ta
+ 	task_lock(task);
+ 	if (task->pid <= 1)
+ 		goto bad;
+-	if (task == current)
++	if (task->tgid == current->tgid)
+ 		goto bad;
+ 	if (!task->mm)
+ 		goto bad;
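
Review bot: in the ptrace_attach() hunk, replacing "if (task == current)" with "if (task->tgid == current->tgid)" makes the attach fail for every task that shares the caller's thread group, not only for the caller itself, and the patch header does not spell that out or name the crash it prevents. Add a line to the header saying that an attach to a sibling thread now takes the "goto bad" path, and cite CVE-2005-3783 there so the patch file is self-describing without the Debian changelog.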

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2	Sun Jan  8 21:13:38 2006
@@ -14,3 +14,4 @@
 + 150_private_fragment_queues-2.diff
 + 199_net-ipv6-flowlabel-refcnt.diff
 + 200_net_sdla_xfer_leak.diff
++ 201_ptrace-fix_self-attach_rule.diff


