[kernel] r10156 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Mon Jan 21 01:06:50 UTC 2008 

Author: dannf
Date: Mon Jan 21 01:06:50 2008
New Revision: 10156

Log:
* 253_coredump-only-to-same-uid.diff
  [SECURITY] Fix an issue where core dumping over a file that
  already exists retains the ownership of the original file
  See CVE-2007-6206

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Mon Jan 21 01:06:50 2008
@@ -41,6 +41,10 @@
     252_openpromfs-checks-3.diff
     [SECURITY] Fix a number of data checks in openprom code
     See CVE-2004-2731
+  * 253_coredump-only-to-same-uid.diff
+    [SECURITY] Fix an issue where core dumping over a file that
+    already exists retains the ownership of the original file
+    See CVE-2007-6206
 
  -- dann frazier <dannf at debian.org>  Mon, 12 Nov 2007 16:29:16 -0700
 

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff	Mon Jan 21 01:06:50 2008
@@ -0,0 +1,35 @@
+From: Willy Tarreau <w at 1wt.eu>
+Date: Mon, 10 Dec 2007 06:00:14 +0000 (+0100)
+Subject: [PATCH] vfs: coredumping fix
+X-Git-Tag: v2.4.36-rc1~4
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fwtarreau%2Flinux-2.4.git;a=commitdiff_plain;h=62b548a60eaff6f986e9b3f5fd602ddae451b33e
+
+[PATCH] vfs: coredumping fix
+
+Backport of 2.6 commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af by Ingo Molnar.
+
+fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043
+
+only allow coredumping to the same uid that the coredumping
+task runs under.
+
+Signed-off-by: Willy Tarreau <w at 1wt.eu>
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 1d23db6..87d06b1 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1167,6 +1167,12 @@ int do_coredump(long signr, struct pt_regs * regs)
+ 
+ 	if (!S_ISREG(inode->i_mode))
+ 		goto close_fail;
++	/*
++	 * Dont allow local users get cute and trick others to coredump
++	 * into their pre-created files:
++	 */
++	if (inode->i_uid != current->fsuid)
++		goto close_fail;
+ 	if (!file->f_op)
+ 		goto close_fail;
+ 	if (!file->f_op->write)

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6	Mon Jan 21 01:06:50 2008
@@ -12,3 +12,4 @@
 + 250_openpromfs-checks-1.diff
 + 251_openpromfs-checks-2.diff
 + 252_openpromfs-checks-3.diff
++ 253_coredump-only-to-same-uid.diff

More information about the Kernel-svn-changes mailing list