[kernel] r10156 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Jan 21 01:06:50 UTC 2008
Author: dannf
Date: Mon Jan 21 01:06:50 2008
New Revision: 10156
Log:
* 253_coredump-only-to-same-uid.diff
[SECURITY] Fix an issue where core dumping over a file that
already exists retains the ownership of the original file
See CVE-2007-6206
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Mon Jan 21 01:06:50 2008
@@ -41,6 +41,10 @@
252_openpromfs-checks-3.diff
[SECURITY] Fix a number of data checks in openprom code
See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
-- dann frazier <dannf at debian.org> Mon, 12 Nov 2007 16:29:16 -0700
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/253_coredump-only-to-same-uid.diff Mon Jan 21 01:06:50 2008
@@ -0,0 +1,35 @@
+From: Willy Tarreau <w at 1wt.eu>
+Date: Mon, 10 Dec 2007 06:00:14 +0000 (+0100)
+Subject: [PATCH] vfs: coredumping fix
+X-Git-Tag: v2.4.36-rc1~4
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fwtarreau%2Flinux-2.4.git;a=commitdiff_plain;h=62b548a60eaff6f986e9b3f5fd602ddae451b33e
+
+[PATCH] vfs: coredumping fix
+
+Backport of 2.6 commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af by Ingo Molnar.
+
+fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043
+
+only allow coredumping to the same uid that the coredumping
+task runs under.
+
+Signed-off-by: Willy Tarreau <w at 1wt.eu>
+---
+
+diff --git a/fs/exec.c b/fs/exec.c
+index 1d23db6..87d06b1 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1167,6 +1167,12 @@ int do_coredump(long signr, struct pt_regs * regs)
+
+ if (!S_ISREG(inode->i_mode))
+ goto close_fail;
++ /*
++ * Dont allow local users get cute and trick others to coredump
++ * into their pre-created files:
++ */
++ if (inode->i_uid != current->fsuid)
++ goto close_fail;
+ if (!file->f_op)
+ goto close_fail;
+ if (!file->f_op->write)
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Mon Jan 21 01:06:50 2008
@@ -12,3 +12,4 @@
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
++ 253_coredump-only-to-same-uid.diff
More information about the Kernel-svn-changes
mailing list