[kernel] r7011 - in dists/sid/linux-2.6.16/debian: . patches
Martin Michlmayr
tbm at costa.debian.org
Sat Jul 15 10:25:09 UTC 2006
Author: tbm
Date: Sat Jul 15 10:25:06 2006
New Revision: 7011
Added:
dists/sid/linux-2.6.16/debian/patches/2.6.16.25
dists/sid/linux-2.6.16/debian/patches/relax-proc-fix.patch
Modified:
dists/sid/linux-2.6.16/debian/changelog
dists/sid/linux-2.6.16/debian/patches/series/17
Log:
Fix /proc vulnerability (CVE-2006-3626)
Modified: dists/sid/linux-2.6.16/debian/changelog
==============================================================================
--- dists/sid/linux-2.6.16/debian/changelog (original)
+++ dists/sid/linux-2.6.16/debian/changelog Sat Jul 15 10:25:06 2006
@@ -17,9 +17,12 @@
* Add stable release 2.6.16.23:
- revert PARPORT_SERIAL should depend on SERIAL_8250_PCI patch
- NETFILTER: SCTP conntrack: fix crash triggered by packet without
- chunks [CVE-2006-2934]
+ chunks (CVE-2006-2934)
* Add stable release 2.6.16.24:
- fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
+ * Add stable release 2.6.16.25:
+ - Fix nasty /proc vulnerability (CVE-2006-3626)
+ * Relax /proc fix a bit (Linus Torvalds)
* [arm/nslu2] Unset CONFIG_USB_STORAGE_DEBUG. Closes: #377853.
* [mips] SGI ip22 RTC was broken, fixed thanks to Julien Blache.
Added: dists/sid/linux-2.6.16/debian/patches/2.6.16.25
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6.16/debian/patches/2.6.16.25 Sat Jul 15 10:25:06 2006
@@ -0,0 +1,11 @@
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -1366,6 +1366,7 @@ static int pid_revalidate(struct dentry
+ } else {
+ inode->i_uid = 0;
+ inode->i_gid = 0;
++ inode->i_mode = 0;
+ }
+ security_task_to_inode(task, inode);
+ return 1;
+
Added: dists/sid/linux-2.6.16/debian/patches/relax-proc-fix.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6.16/debian/patches/relax-proc-fix.patch Sat Jul 15 10:25:06 2006
@@ -0,0 +1,33 @@
+From: Linus Torvalds <torvalds at g5.osdl.org>
+Date: Sat, 15 Jul 2006 04:48:03 +0000 (-0700)
+Subject: Relax /proc fix a bit
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9ee8ab9fbf21e6b87ad227cd46c0a4be41ab749b
+
+Relax /proc fix a bit
+
+Clearign all of i_mode was a bit draconian. We only really care about
+S_ISUID/ISGID, after all.
+
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -1338,8 +1338,8 @@ static int pid_revalidate(struct dentry
+ } else {
+ inode->i_uid = 0;
+ inode->i_gid = 0;
+- inode->i_mode = 0;
+ }
++ inode->i_mode &= ~(S_ISUID | S_ISGID);
+ security_task_to_inode(task, inode);
+ put_task_struct(task);
+ return 1;
+@@ -1390,6 +1390,7 @@ static int tid_fd_revalidate(struct dent
+ inode->i_uid = 0;
+ inode->i_gid = 0;
+ }
++ inode->i_mode &= ~(S_ISUID | S_ISGID);
+ security_task_to_inode(task, inode);
+ put_task_struct(task);
+ return 1;
Modified: dists/sid/linux-2.6.16/debian/patches/series/17
==============================================================================
--- dists/sid/linux-2.6.16/debian/patches/series/17 (original)
+++ dists/sid/linux-2.6.16/debian/patches/series/17 Sat Jul 15 10:25:06 2006
@@ -4,3 +4,5 @@
+ 2.6.16.24
+ mips-ip22-rtcfix.patch
+ mips-ip22-serial-fix.patch
++ 2.6.16.25
++ relax-proc-fix.patch
More information about the Kernel-svn-changes
mailing list