[kernel] r9404 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Wed Aug 29 06:32:11 UTC 2007

Author: dannf
Date: Wed Aug 29 06:32:11 2007
New Revision: 9404

Log:
* bugfix/reset-pdeathsig-on-suid-upstream.patch
  Update fix for CVE-2007-3848 with the patch accepted upstream

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid-upstream.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/13etch1

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================

--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Wed Aug 29 06:32:11 2007
@@ -1,5 +1,7 @@
 linux-2.6 (2.6.18.dfsg.1-13etch2) UNRELEASED; urgency=low
 
+  * bugfix/reset-pdeathsig-on-suid-upstream.patch
+    Update fix for CVE-2007-3848 with the patch accepted upstream
   * bugfix/ipv4-fib_props-out-of-bounds.patch
     [SECURITY] Fix a typo which caused fib_props[] to be of the wrong size
     and check for out of bounds condition in index provided by userspace
@@ -21,7 +23,7 @@
     [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
     See CVE-2007-4308
 
- -- dann frazier <dannf at debian.org>  Mon, 27 Aug 2007 23:29:31 -0600
+ -- dann frazier <dannf at debian.org>  Wed, 29 Aug 2007 00:29:56 -0600
 
 linux-2.6 (2.6.18.dfsg.1-13etch1) stable-security; urgency=high
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid-upstream.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid-upstream.patch	Wed Aug 29 06:32:11 2007
@@ -0,0 +1,38 @@
+From: Marcel Holtmann <marcel at holtmann.org>
+Date: Fri, 17 Aug 2007 19:47:58 +0000 (+0200)
+Subject: Reset current->pdeath_signal on SUID binary execution
+X-Git-Tag: v2.6.23-rc4~134
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=d2d56c5f51028cb9f3d800882eb6f4cbd3f9099f
+
+Reset current->pdeath_signal on SUID binary execution
+
+This fixes a vulnerability in the "parent process death signal"
+implementation discoverd by Wojciech Purczynski of COSEINC PTE Ltd.
+and iSEC Security Research.
+
+http://marc.info/?l=bugtraq&m=118711306802632&w=2
+
+Signed-off-by: Marcel Holtmann <marcel at holtmann.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+
+diff -urpN linux-source-2.6.18.orig/fs/exec.c linux-source-2.6.18/fs/exec.c
+--- linux-source-2.6.18.orig/fs/exec.c	2007-08-11 08:55:05.000000000 -0600
++++ linux-source-2.6.18/fs/exec.c	2007-08-29 00:26:45.380758719 -0600
+@@ -883,11 +883,13 @@ int flush_old_exec(struct linux_binprm *
+ 	 */
+ 	current->mm->task_size = TASK_SIZE;
+ 
+-	if (bprm->e_uid != current->euid || bprm->e_gid != current->egid || 
+-	    file_permission(bprm->file, MAY_READ) ||
+-	    (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
++	if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) {
+ 		suid_keys(current);
++		set_dumpable(current->mm, suid_dumpable);
+ 		current->pdeath_signal = 0;
++	} else if (file_permission(bprm->file, MAY_READ) ||
++			(bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
++		suid_keys(current);
+ 		current->mm->dumpable = suid_dumpable;
+ 	}
+ 

Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch1	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch1	Wed Aug 29 06:32:11 2007
@@ -1,3 +1,5 @@
+- bugfix/reset-pdeathsig-on-suid.patch
++ bugfix/reset-pdeathsig-on-suid-upstream.patch
 + bugfix/bluetooth-l2cap-hci-info-leaks.patch
 + bugfix/usblcd-limit-memory-consumption.patch
 + bugfix/pppoe-socket-release-mem-leak.patch

