[kernel] r10111 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Jan 15 23:46:19 UTC 2008
Author: dannf
Date: Tue Jan 15 23:46:19 2008
New Revision: 10111
Log:
* bugfix/vfs-use-access-mode-flag.patch
[SECURITY] Use the access mode flag instead of the open flag when
testing access mode for a directory.
See CVE-2008-0001
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/17etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Tue Jan 15 23:46:19 2008
@@ -3,8 +3,12 @@
* bugfix/i4l-isdn_ioctl-mem-overrun.patch
[SECURITY] Fix potential isdn ioctl memory overrun
See CVE-2007-6151
+ * bugfix/vfs-use-access-mode-flag.patch
+ [SECURITY] Use the access mode flag instead of the open flag when
+ testing access mode for a directory.
+ See CVE-2008-0001
- -- dann frazier <dannf at debian.org> Sat, 05 Jan 2008 17:27:50 -0700
+ -- dann frazier <dannf at debian.org> Tue, 15 Jan 2008 16:44:15 -0700
linux-2.6 (2.6.18.dfsg.1-17) stable; urgency=high
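Review bot: The new changelog entry describes the fix only as "testing access mode for a directory", but the patch it introduces also changes the read-only filesystem test in may_open (the IS_RDONLY check that returns -EROFS), and the upstream description itself says "directories (and RO filesystem)". Suggest wording the entry to cover both cases, for example "when testing access mode for directories and read-only filesystems", so that someone reading the changelog for CVE-2008-0001 sees the full scope of the change.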
Added: dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch Tue Jan 15 23:46:19 2008
@@ -0,0 +1,52 @@
+From: Linus Torvalds <torvalds at woody.linux-foundation.org>
+Date: Sat, 12 Jan 2008 22:06:34 +0000 (-0800)
+Subject: Use access mode instead of open flags to determine needed permissions
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=974a9f0b47da74e28f68b9c8645c3786aa5ace1a
+
+Use access mode instead of open flags to determine needed permissions
+
+Way back when (in commit 834f2a4a1554dc5b2598038b3fe8703defcbe467, aka
+"VFS: Allow the filesystem to return a full file pointer on open intent"
+to be exact), Trond changed the open logic to keep track of the original
+flags to a file open, in order to pass down the the intent of a dentry
+lookup to the low-level filesystem.
+
+However, when doing that reorganization, it changed the meaning of
+namei_flags, and thus inadvertently changed the test of access mode for
+directories (and RO filesystem) to use the wrong flag. So fix those
+test back to use access mode ("acc_mode") rather than the open flag
+("flag").
+
+Issue noticed by Bill Roman at Datalight.
+
+Reported-and-tested-by: Bill Roman <bill.roman at datalight.com>
+Acked-by: Trond Myklebust <Trond.Myklebust at netapp.com>
+Acked-by: Al Viro <viro at ZenIV.linux.org.uk>
+Cc: Christoph Hellwig <hch at lst.de>
+Cc: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at hp.com>
+
+diff -urpN linux-source-2.6.18.orig/fs/namei.c linux-source-2.6.18/fs/namei.c
+--- linux-source-2.6.18.orig/fs/namei.c 2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/fs/namei.c 2008-01-15 16:42:10.000000000 -0700
+@@ -1500,7 +1500,7 @@ int may_open(struct nameidata *nd, int a
+ if (S_ISLNK(inode->i_mode))
+ return -ELOOP;
+
+- if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
++ if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
+ return -EISDIR;
+
+ error = vfs_permission(nd, acc_mode);
+@@ -1519,7 +1519,7 @@ int may_open(struct nameidata *nd, int a
+ return -EACCES;
+
+ flag &= ~O_TRUNC;
+- } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
++ } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
+ return -EROFS;
+ /*
+ * An append-only file must be opened in append mode for writing.
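Review bot: The "Adjusted to apply to Debian's 2.6.18" line after the sign-offs does not say what was adjusted relative to upstream commit 974a9f0b47da74e28f68b9c8645c3786aa5ace1a; please state whether the difference is context and line offsets only or whether the code itself differs, so the backport can be checked against upstream. Both replaced tests in may_open() (the S_ISDIR check returning -EISDIR and the IS_RDONLY check returning -EROFS) now depend on acc_mode carrying MAY_WRITE, so a sentence confirming that the 2.6.18 callers of may_open() set MAY_WRITE for every open that can modify the object would make that assumption explicit.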
Modified: dists/etch-security/linux-2.6/debian/patches/series/17etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/17etch1 (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/17etch1 Tue Jan 15 23:46:19 2008
@@ -1 +1,2 @@
+ bugfix/i4l-isdn_ioctl-mem-overrun.patch
++ bugfix/vfs-use-access-mode-flag.patch