[kernel] r7006 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Dann Frazier dannf at costa.debian.org
Sat Jul 15 08:20:34 UTC 2006 

Author: dannf
Date: Sat Jul 15 08:20:30 2006
New Revision: 7006

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-1.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-2.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge4
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog

Log:
* proc-environ-race-1.dpatch, proc-environ-race-2.dpatch
  [SECURITY] Fix local root vulnerability caused by a race in proc
  See CVE-2006-3626

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Sat Jul 15 08:20:30 2006
@@ -1,3 +1,11 @@
+kernel-source-2.6.8 (2.6.8-16sarge4) stable-security; urgency=high
+
+  * proc-environ-race-1.dpatch, proc-environ-race-2.dpatch
+    [SECURITY] Fix local root vulnerability caused by a race in proc
+    See CVE-2006-3626
+
+ -- dann frazier <dannf at debian.org>  Sat, 15 Jul 2006 02:03:51 -0600
+
 kernel-source-2.6.8 (2.6.8-16sarge3) stable-security; urgency=high
 
   * net-protocol-mod-refcounts-pre.dpatch, net-protocol-mod-refcounts.dpatch

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-1.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-1.dpatch	Sat Jul 15 08:20:30 2006
@@ -0,0 +1,25 @@
+From: Linus Torvalds <torvalds at g5.osdl.org>
+Date: Fri, 14 Jul 2006 23:51:34 +0000 (-0700)
+Subject: Fix nasty /proc vulnerability
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=18b0bbd8ca6d3cb90425aa0d77b99a762c6d6de3
+
+Fix nasty /proc vulnerability
+
+We have a bad interaction with both the kernel and user space being able
+to change some of the /proc file status.  This fixes the most obvious
+part of it, but I expect we'll also make it harder for users to modify
+even their "own" files in /proc.
+
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -1338,6 +1338,7 @@ static int pid_revalidate(struct dentry 
+ 		} else {
+ 			inode->i_uid = 0;
+ 			inode->i_gid = 0;
++			inode->i_mode = 0;
+ 		}
+ 		security_task_to_inode(task, inode);
+ 		put_task_struct(task);

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-2.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/proc-environ-race-2.dpatch	Sat Jul 15 08:20:30 2006
@@ -0,0 +1,35 @@
+From: Linus Torvalds <torvalds at g5.osdl.org>
+Date: Sat, 15 Jul 2006 04:48:03 +0000 (-0700)
+Subject: Relax /proc fix a bit
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9ee8ab9fbf21e6b87ad227cd46c0a4be41ab749b
+
+Relax /proc fix a bit
+
+Clearign all of i_mode was a bit draconian. We only really care about
+S_ISUID/ISGID, after all.
+
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <dannf at hp.com>
+diff -uprN kernel-source-2.6.8-2.6.8.orig/fs/proc/base.c kernel-source-2.6.8-2.6.8/fs/proc/base.c
+--- kernel-source-2.6.8-2.6.8.orig/fs/proc/base.c	2006-07-15 02:10:35.000000000 -0600
++++ kernel-source-2.6.8-2.6.8/fs/proc/base.c	2006-07-15 02:12:25.000000000 -0600
+@@ -988,8 +988,8 @@ static int pid_revalidate(struct dentry 
+ 		} else {
+ 			inode->i_uid = 0;
+ 			inode->i_gid = 0;
+-			inode->i_mode = 0;
+ 		}
++		inode->i_mode &= ~(S_ISUID | S_ISGID);
+ 		security_task_to_inode(task, inode);
+ 		return 1;
+ 	}
+@@ -1017,6 +1017,7 @@ static int tid_fd_revalidate(struct dent
+ 				inode->i_uid = 0;
+ 				inode->i_gid = 0;
+ 			}
++			inode->i_mode &= ~(S_ISUID | S_ISGID);
+ 			security_task_to_inode(task, inode);
+ 			return 1;
+ 		}

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge4
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge4	Sat Jul 15 08:20:30 2006
@@ -0,0 +1,2 @@
++ proc-environ-race-1.dpatch
++ proc-environ-race-2.dpatch

More information about the Kernel-svn-changes mailing list