[kernel] r9544 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Tue Sep 25 05:05:38 UTC 2007 

Author: dannf
Date: Tue Sep 25 05:05:38 2007
New Revision: 9544

Log:
* bugfix/cifs-honor-umask.patch
  [SECURITY] Make CIFS honor a process' umask
  See CVE-2007-3740

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/cifs-honor-umask.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/13etch3

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Sep 25 05:05:38 2007
@@ -10,8 +10,11 @@
     [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
     into address space reserved for hugetlb pages.
     See CVE-2007-3739
+  * bugfix/cifs-honor-umask.patch
+    [SECURITY] Make CIFS honor a process' umask
+    See CVE-2007-3740
 
- -- dann frazier <dannf at debian.org>  Fri, 21 Sep 2007 10:36:12 -0600
+ -- dann frazier <dannf at debian.org>  Mon, 24 Sep 2007 23:05:05 -0600
 
 linux-2.6 (2.6.18.dfsg.1-13etch2) stable-security; urgency=high
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/cifs-honor-umask.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/cifs-honor-umask.patch	Tue Sep 25 05:05:38 2007
@@ -0,0 +1,81 @@
+From: Steve French <sfrench at us.ibm.com>
+Date: Fri, 8 Jun 2007 14:55:14 +0000 (+0000)
+Subject: [CIFS] CIFS should honour umask
+X-Git-Tag: v2.6.22-rc5~50^2
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=3ce53fc4c57603d99c330a6ee2fe96d94f2d350f
+
+[CIFS] CIFS should honour umask
+
+This patch makes CIFS honour a process' umask like other filesystems.
+Of course the server is still free to munge the permissions if it wants
+to; but the client will send the "right" permissions to begin with.
+
+A few caveats:
+
+1) It only applies to filesystems that have CAP_UNIX (aka support unix
+extensions)
+2) It applies the correct mode to the follow up CIFSSMBUnixSetPerms()
+after remote creation
+
+When mode to CIFS/NTFS ACL mapping is complete we can do the
+same thing for that case for servers which do not
+support the Unix Extensions.
+
+Signed-off-by: Matt Keenen <matt at opcode-solutions.com>
+Signed-off-by: Steve French <sfrench at us.ibm.com>
+---
+
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/fs/cifs/dir.c linux-source-2.6.18/fs/cifs/dir.c
+--- linux-source-2.6.18.orig/fs/cifs/dir.c	2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/fs/cifs/dir.c	2007-09-24 22:49:29.509100350 -0600
+@@ -199,7 +199,8 @@ cifs_create(struct inode *inode, struct 
+ 		/* If Open reported that we actually created a file
+ 		then we now have to set the mode if possible */
+ 		if ((cifs_sb->tcon->ses->capabilities & CAP_UNIX) &&
+-			(oplock & CIFS_CREATE_ACTION))
++			(oplock & CIFS_CREATE_ACTION)) {
++			mode &= ~current->fs->umask;
+ 			if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
+ 				CIFSSMBUnixSetPerms(xid, pTcon, full_path, mode,
+ 					(__u64)current->fsuid,
+@@ -217,7 +218,7 @@ cifs_create(struct inode *inode, struct 
+ 					cifs_sb->mnt_cifs_flags & 
+ 						CIFS_MOUNT_MAP_SPECIAL_CHR);
+ 			}
+-		else {
++		} else {
+ 			/* BB implement mode setting via Windows security descriptors */
+ 			/* eg CIFSSMBWinSetPerms(xid,pTcon,full_path,mode,-1,-1,local_nls);*/
+ 			/* could set r/o dos attribute if mode & 0222 == 0 */
+@@ -325,6 +326,7 @@ int cifs_mknod(struct inode *inode, stru
+ 	if(full_path == NULL)
+ 		rc = -ENOMEM;
+ 	else if (pTcon->ses->capabilities & CAP_UNIX) {
++		mode &= ~current->fs->umask;
+ 		if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
+ 			rc = CIFSSMBUnixSetPerms(xid, pTcon, full_path,
+ 				mode,(__u64)current->fsuid,(__u64)current->fsgid,
+diff -urpN linux-source-2.6.18.orig/fs/cifs/inode.c linux-source-2.6.18/fs/cifs/inode.c
+--- linux-source-2.6.18.orig/fs/cifs/inode.c	2007-09-18 16:46:11.000000000 -0600
++++ linux-source-2.6.18/fs/cifs/inode.c	2007-09-24 22:50:34.825099389 -0600
+@@ -751,7 +751,8 @@ int cifs_mkdir(struct inode *inode, stru
+ 		d_instantiate(direntry, newinode);
+ 		if (direntry->d_inode)
+ 			direntry->d_inode->i_nlink = 2;
+-		if (cifs_sb->tcon->ses->capabilities & CAP_UNIX)
++		if (cifs_sb->tcon->ses->capabilities & CAP_UNIX) {
++			mode &= ~current->fs->umask;
+ 			if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
+ 				CIFSSMBUnixSetPerms(xid, pTcon, full_path,
+ 						    mode,
+@@ -769,7 +770,7 @@ int cifs_mkdir(struct inode *inode, stru
+ 						    cifs_sb->mnt_cifs_flags & 
+ 						    CIFS_MOUNT_MAP_SPECIAL_CHR);
+ 			}
+-		else {
++		} else {
+ 			/* BB to be implemented via Windows secrty descriptors
+ 			   eg CIFSSMBWinSetPerms(xid, pTcon, full_path, mode,
+ 						 -1, -1, local_nls); */

Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch3
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch3	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch3	Tue Sep 25 05:05:38 2007
@@ -1,3 +1,4 @@
 + bugfix/ptrace-handle-bogus-selector.patch
 + bugfix/fixup-trace_irq-breakage.patch
 + bugfix/prevent-stack-growth-into-hugetlb-region.patch
++ bugfix/cifs-honor-umask.patch

More information about the Kernel-svn-changes mailing list