[kernel] r9342 - in dists/sid/linux-2.6/debian: . patches/bugfix patches/series
Maximilian Attems
maks at alioth.debian.org
Tue Aug 21 09:08:41 UTC 2007
Author: maks
Date: Tue Aug 21 09:08:41 2007
New Revision: 9342
Log:
add stable 2.6.22.4, .5 is pending
Added:
dists/sid/linux-2.6/debian/patches/bugfix/2.6.22.4
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/4
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Tue Aug 21 09:08:41 2007
@@ -113,11 +113,13 @@
- ata_piix: update map 10b for ich8m
- CPUFREQ: ondemand: fix tickless accounting and software coordination bug
- CPUFREQ: ondemand: add a check to avoid negative load calculation
+ * Add stable release 2.6.22.4:
+ - Reset current->pdeath_signal on SUID binary execution (CVE-2007-3848)
[ dann frazier ]
* [ia64] Restore config cleanup now that its safe to break the ABI
- -- dann frazier <dannf at debian.org> Mon, 20 Aug 2007 16:21:10 -0600
+ -- maximilian attems <maks at debian.org> Tue, 21 Aug 2007 11:03:41 +0200
linux-2.6 (2.6.22-3) unstable; urgency=low
Added: dists/sid/linux-2.6/debian/patches/bugfix/2.6.22.4
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/2.6.22.4 Tue Aug 21 09:08:41 2007
@@ -0,0 +1,32 @@
+diff --git a/fs/exec.c b/fs/exec.c
+index f20561f..9a93770 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -890,9 +890,12 @@ int flush_old_exec(struct linux_binprm * bprm)
+ */
+ current->mm->task_size = TASK_SIZE;
+
+- if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
+- file_permission(bprm->file, MAY_READ) ||
+- (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
++ if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) {
++ suid_keys(current);
++ current->mm->dumpable = suid_dumpable;
++ current->pdeath_signal = 0;
++ } else if (file_permission(bprm->file, MAY_READ) ||
++ (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
+ suid_keys(current);
+ current->mm->dumpable = suid_dumpable;
+ }
+@@ -983,8 +986,10 @@ void compute_creds(struct linux_binprm *bprm)
+ {
+ int unsafe;
+
+- if (bprm->e_uid != current->uid)
++ if (bprm->e_uid != current->uid) {
+ suid_keys(current);
++ current->pdeath_signal = 0;
++ }
+ exec_keys(current);
+
+ task_lock(current);
Modified: dists/sid/linux-2.6/debian/patches/series/4
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/4 (original)
+++ dists/sid/linux-2.6/debian/patches/series/4 Tue Aug 21 09:08:41 2007
@@ -30,3 +30,4 @@
+ bugfix/sparc/sun4u-pci-config-space.patch
+ bugfix/2.6.22.2
+ bugfix/2.6.22.3
++ bugfix/2.6.22.4
More information about the Kernel-svn-changes
mailing list