[kernel] r11843 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Wed Jul 16 05:12:10 UTC 2008


Author: dannf
Date: Wed Jul 16 05:12:08 2008
New Revision: 11843

Log:
bugfix/check-privileges-before-setting-mount-propagation.patch
[SECURITY] Check CAP_SYS_ADMIN when changing mountpoint type 
See CVE-2008-2931

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/check-privileges-before-setting-mount-propagation.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/18etch7

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Wed Jul 16 05:12:08 2008
@@ -15,8 +15,11 @@
   * bugfix/tty-fix-for-tty-operations-bugs.patch
     [SECURITY] Fix issues with tty operation handling in various drivers
     See CVE-2008-2812
+  * bugfix/check-privileges-before-setting-mount-propagation.patch
+    [SECURITY] Check CAP_SYS_ADMIN when changing mountpoint type 
+    See CVE-2008-2931
 
- -- dann frazier <dannf at debian.org>  Tue, 01 Jul 2008 10:54:29 -0600
+ -- dann frazier <dannf at debian.org>  Tue, 15 Jul 2008 21:53:11 -0700
 
 linux-2.6 (2.6.18.dfsg.1-18etch6) stable-security; urgency=high
 
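Review bot: The added changelog entry describes the fix as "changing mountpoint type", while the patch name and its commit message call it mount propagation; wording such as "Check CAP_SYS_ADMIN before changing mount propagation type" would match the patch and be easier to search for alongside CVE-2008-2931. The second added line also ends in a trailing space after "type", which is worth trimming.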

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/check-privileges-before-setting-mount-propagation.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/check-privileges-before-setting-mount-propagation.patch	Wed Jul 16 05:12:08 2008
@@ -0,0 +1,28 @@
+commit ee6f958291e2a768fd727e7a67badfff0b67711a
+Author: Miklos Szeredi <mszeredi at suse.cz>
+Date:   Tue May 8 00:30:40 2007 -0700
+
+    check privileges before setting mount propagation
+    
+    There's a missing check for CAP_SYS_ADMIN in do_change_type().
+    
+    Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
+    Cc: Al Viro <viro at zeniv.linux.org.uk>
+    Cc: Christoph Hellwig <hch at lst.de>
+    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/namespace.c b/fs/namespace.c
+index 72bb106..b696e3a 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -886,6 +886,9 @@ static int do_change_type(struct nameidata *nd, int flag)
+ 	int recurse = flag & MS_REC;
+ 	int type = flag & ~MS_REC;
+ 
++	if (!capable(CAP_SYS_ADMIN))
++		return -EPERM;
++
+ 	if (nd->dentry != nd->mnt->mnt_root)
+ 		return -EINVAL;
+ 
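Review bot: The header of the added patch file carries only the upstream commit message, which says a CAP_SYS_ADMIN check is missing in do_change_type() but does not mention CVE-2008-2931; that identifier appears only in debian/changelog. Consider adding a line to the patch header naming the CVE, so the file is self-describing when it is read or carried forward without the changelog. On the code itself, placing the capable(CAP_SYS_ADMIN) test ahead of the nd->dentry != nd->mnt->mnt_root check is the right order, since an unprivileged caller then gets -EPERM before any argument-dependent -EINVAL path is reached.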

Modified: dists/etch-security/linux-2.6/debian/patches/series/18etch7
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/18etch7	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/18etch7	Wed Jul 16 05:12:08 2008
@@ -3,3 +3,4 @@
 + bugfix/amd64-fix-zeroing-on-exception-in-copy_user-pre.patch
 + bugfix/amd64-fix-zeroing-on-exception-in-copy_user.patch
 + bugfix/tty-fix-for-tty-operations-bugs.patch
++ bugfix/check-privileges-before-setting-mount-propagation.patch


