[kernel] r11428 - in dists/etch/linux-2.6.24/debian: . patches/bugfix patches/series
Dann Frazier
dannf at alioth.debian.org
Wed May 21 04:59:59 UTC 2008
Author: dannf
Date: Wed May 21 04:59:56 2008
New Revision: 11428
Log:
Prevent local users from modifying file times without permission
(CVE-2008-2148)
Added:
dists/etch/linux-2.6.24/debian/patches/bugfix/vfs-fix-permission-checking-in-sys_utimensat.patch
dists/etch/linux-2.6.24/debian/patches/series/6~etchnhalf.3
Modified:
dists/etch/linux-2.6.24/debian/changelog
Modified: dists/etch/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch/linux-2.6.24/debian/changelog (original)
+++ dists/etch/linux-2.6.24/debian/changelog Wed May 21 04:59:56 2008
@@ -1,3 +1,10 @@
+linux-2.6.24 (2.6.24-6~etchnhalf.3) UNRELEASED; urgency=low
+
+ * Prevent local users from modifying file times without permission
+ (CVE-2008-2148)
+
+ -- dann frazier <dannf at debian.org> Tue, 20 May 2008 22:48:40 -0600
+
linux-2.6.24 (2.6.24-6~etchnhalf.2) stable; urgency=low
* Add pci ids for the ICH10 southbridge
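Review bot: urgency=low on the new 2.6.24-6~etchnhalf.3 entry looks out of step with a change that carries a CVE id (CVE-2008-2148); consider raising it, or keep it and state the reason. The entry would also be easier to trace if it named the patch, bugfix/vfs-fix-permission-checking-in-sys_utimensat.patch, since the item text alone does not say which syscall is affected.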
Added: dists/etch/linux-2.6.24/debian/patches/bugfix/vfs-fix-permission-checking-in-sys_utimensat.patch
==============================================================================
--- (empty file)
+++ dists/etch/linux-2.6.24/debian/patches/bugfix/vfs-fix-permission-checking-in-sys_utimensat.patch Wed May 21 04:59:56 2008
@@ -0,0 +1,67 @@
+commit 02c6be615f1fcd37ac5ed93a3ad6692ad8991cd9
+Author: Miklos Szeredi <mszeredi at suse.cz>
+Date: Thu May 1 04:34:45 2008 -0700
+
+ vfs: fix permission checking in sys_utimensat
+
+ If utimensat() is called with both times set to UTIME_NOW or one of them to
+ UTIME_NOW and the other to UTIME_OMIT, then it will update the file time
+ without any permission checking.
+
+ I don't think this can be used for anything other than a local DoS, but could
+ be quite bewildering at that (e.g. "Why was that large source tree rebuilt
+ when I didn't modify anything???")
+
+ This affects all kernels from 2.6.22, when the utimensat() syscall was
+ introduced.
+
+ Fix by doing the same permission checking as for the "times == NULL" case.
+
+ Thanks to Michael Kerrisk, whose utimensat-non-conformances-and-fixes.patch in
+ -mm also fixes this (and breaks other stuff), only he didn't realize the
+ security implications of this bug.
+
+ Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
+ Cc: Ulrich Drepper <drepper at redhat.com>
+ Cc: Michael Kerrisk <mtk-manpages at gmx.net>
+ Cc: <stable at kernel.org>
+ Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/utimes.c b/fs/utimes.c
+index a2bef77..af059d5 100644
+--- a/fs/utimes.c
++++ b/fs/utimes.c
+@@ -40,9 +40,14 @@ asmlinkage long sys_utime(char __user *filename, struct utimbuf __user *times)
+
+ #endif
+
++static bool nsec_special(long nsec)
++{
++ return nsec == UTIME_OMIT || nsec == UTIME_NOW;
++}
++
+ static bool nsec_valid(long nsec)
+ {
+- if (nsec == UTIME_OMIT || nsec == UTIME_NOW)
++ if (nsec_special(nsec))
+ return true;
+
+ return nsec >= 0 && nsec <= 999999999;
+@@ -119,7 +124,15 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
+ newattrs.ia_mtime.tv_nsec = times[1].tv_nsec;
+ newattrs.ia_valid |= ATTR_MTIME_SET;
+ }
+- } else {
++ }
++
++ /*
++ * If times is NULL or both times are either UTIME_OMIT or
++ * UTIME_NOW, then need to check permissions, because
++ * inode_change_ok() won't do it.
++ */
++ if (!times || (nsec_special(times[0].tv_nsec) &&
++ nsec_special(times[1].tv_nsec))) {
+ error = -EACCES;
+ if (IS_IMMUTABLE(inode))
+ goto mnt_drop_write_and_out;
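Review bot: in the do_utimes() change, the new condition `nsec_special(times[0].tv_nsec) && nsec_special(times[1].tv_nsec)` also matches the case where both values are UTIME_OMIT, so a call that requests no timestamp change now enters the block that sets error = -EACCES and tests IS_IMMUTABLE(inode). If that is intended, the comment above the condition should say so explicitly; otherwise the both-UTIME_OMIT case could be separated out before the permission check. A one-line comment on nsec_special() noting that it is applied to tv_nsec only would also help readers of nsec_valid().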
Added: dists/etch/linux-2.6.24/debian/patches/series/6~etchnhalf.3
==============================================================================
--- (empty file)
+++ dists/etch/linux-2.6.24/debian/patches/series/6~etchnhalf.3 Wed May 21 04:59:56 2008
@@ -0,0 +1 @@
++ bugfix/vfs-fix-permission-checking-in-sys_utimensat.patch