[kernel] r9404 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Aug 29 06:32:11 UTC 2007
Author: dannf
Date: Wed Aug 29 06:32:11 2007
New Revision: 9404
Log:
* bugfix/reset-pdeathsig-on-suid-upstream.patch
Update fix for CVE-2007-3848 with the patch accepted upstream
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid-upstream.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/13etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Wed Aug 29 06:32:11 2007
@@ -1,5 +1,7 @@
linux-2.6 (2.6.18.dfsg.1-13etch2) UNRELEASED; urgency=low
+ * bugfix/reset-pdeathsig-on-suid-upstream.patch
+ Update fix for CVE-2007-3848 with the patch accepted upstream
* bugfix/ipv4-fib_props-out-of-bounds.patch
[SECURITY] Fix a typo which caused fib_props[] to be of the wrong size
and check for out of bounds condition in index provided by userspace
@@ -21,7 +23,7 @@
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
- -- dann frazier <dannf at debian.org> Mon, 27 Aug 2007 23:29:31 -0600
+ -- dann frazier <dannf at debian.org> Wed, 29 Aug 2007 00:29:56 -0600
linux-2.6 (2.6.18.dfsg.1-13etch1) stable-security; urgency=high
Added: dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid-upstream.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid-upstream.patch Wed Aug 29 06:32:11 2007
@@ -0,0 +1,38 @@
+From: Marcel Holtmann <marcel at holtmann.org>
+Date: Fri, 17 Aug 2007 19:47:58 +0000 (+0200)
+Subject: Reset current->pdeath_signal on SUID binary execution
+X-Git-Tag: v2.6.23-rc4~134
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=d2d56c5f51028cb9f3d800882eb6f4cbd3f9099f
+
+Reset current->pdeath_signal on SUID binary execution
+
+This fixes a vulnerability in the "parent process death signal"
+implementation discoverd by Wojciech Purczynski of COSEINC PTE Ltd.
+and iSEC Security Research.
+
+http://marc.info/?l=bugtraq&m=118711306802632&w=2
+
+Signed-off-by: Marcel Holtmann <marcel at holtmann.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+
+diff -urpN linux-source-2.6.18.orig/fs/exec.c linux-source-2.6.18/fs/exec.c
+--- linux-source-2.6.18.orig/fs/exec.c 2007-08-11 08:55:05.000000000 -0600
++++ linux-source-2.6.18/fs/exec.c 2007-08-29 00:26:45.380758719 -0600
+@@ -883,11 +883,13 @@ int flush_old_exec(struct linux_binprm *
+ */
+ current->mm->task_size = TASK_SIZE;
+
+- if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
+- file_permission(bprm->file, MAY_READ) ||
+- (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
++ if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) {
+ suid_keys(current);
++ set_dumpable(current->mm, suid_dumpable);
+ current->pdeath_signal = 0;
++ } else if (file_permission(bprm->file, MAY_READ) ||
++ (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
++ suid_keys(current);
+ current->mm->dumpable = suid_dumpable;
+ }
+
Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch1 (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch1 Wed Aug 29 06:32:11 2007
@@ -1,3 +1,5 @@
+- bugfix/reset-pdeathsig-on-suid.patch
++ bugfix/reset-pdeathsig-on-suid-upstream.patch
+ bugfix/bluetooth-l2cap-hci-info-leaks.patch
+ bugfix/usblcd-limit-memory-consumption.patch
+ bugfix/pppoe-socket-release-mem-leak.patch
More information about the Kernel-svn-changes
mailing list