[kernel] r12340 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Fri Oct 17 21:59:03 UTC 2008
Author: dannf
Date: Fri Oct 17 21:59:02 2008
New Revision: 12340
Log:
Don't allow splicing to files opened with O_APPEND (CVE-2008-4554)
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/9
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Fri Oct 17 21:59:02 2008
@@ -96,8 +96,9 @@
[ dann frazier ]
* Restrict access to the DRM_I915_HWS_ADDR ioctl (CVE-2008-3831)
+ * Don't allow splicing to files opened with O_APPEND (CVE-2008-4554)
- -- dann frazier <dannf at debian.org> Fri, 17 Oct 2008 15:29:52 -0600
+ -- dann frazier <dannf at debian.org> Fri, 17 Oct 2008 15:48:29 -0600
linux-2.6 (2.6.26-8) unstable; urgency=medium
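Review bot: the new entry "Don't allow splicing to files opened with O_APPEND (CVE-2008-4554)" names the CVE but not the user-visible effect, which is that the patch added in this revision makes do_splice_from return -EINVAL when the destination has O_APPEND set. Since the embedded commit message itself calls the restriction debatable, consider saying in the changelog line that such a splice now fails with EINVAL, so an admin who hits the new error after upgrading can trace it to this entry.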
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch Fri Oct 17 21:59:02 2008
@@ -0,0 +1,39 @@
+commit efc968d450e013049a662d22727cf132618dcb2f
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date: Thu Oct 9 14:04:54 2008 -0700
+
+ Don't allow splice() to files opened with O_APPEND
+
+ This is debatable, but while we're debating it, let's disallow the
+ combination of splice and an O_APPEND destination.
+
+ It's not entirely clear what the semantics of O_APPEND should be, and
+ POSIX apparently expects pwrite() to ignore O_APPEND, for example. So
+ we could make up any semantics we want, including the old ones.
+
+ But Miklos convinced me that we should at least give it some thought,
+ and that accepting writes at arbitrary offsets is wrong at least for
+ IS_APPEND() files (which always have O_APPEND set, even if the reverse
+ isn't true: you can obviously have O_APPEND set on a regular file).
+
+ So disallow O_APPEND entirely for now. I doubt anybody cares, and this
+ way we have one less gray area to worry about.
+
+ Reported-and-argued-for-by: Miklos Szeredi <miklos at szeredi.hu>
+ Acked-by: Jens Axboe <ens.axboe at oracle.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/splice.c b/fs/splice.c
+index 1bbc6f4..a1e701c 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -898,6 +898,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+ if (unlikely(!(out->f_mode & FMODE_WRITE)))
+ return -EBADF;
+
++ if (unlikely(out->f_flags & O_APPEND))
++ return -EINVAL;
++
+ ret = rw_verify_area(WRITE, out, ppos, len);
+ if (unlikely(ret < 0))
+ return ret;
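Review bot: the added test "if (unlikely(out->f_flags & O_APPEND))" in do_splice_from has no comment, while the commit message describes the restriction as debatable and in place "for now". A short comment at the check, saying that a splice to an O_APPEND destination is rejected with -EINVAL until the semantics are settled, would keep a later reader from treating it as an arbitrary limitation or removing it. The check keys on the open flag rather than on IS_APPEND(); the message justifies that by stating that IS_APPEND() files always have O_APPEND set, and that dependency is worth recording in the same comment. Separately, the Acked-by address in the embedded header reads "ens.axboe", which is worth comparing against upstream commit efc968d450e013049a662d22727cf132618dcb2f before the patch file is carried further.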
Modified: dists/sid/linux-2.6/debian/patches/series/9
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/9 (original)
+++ dists/sid/linux-2.6/debian/patches/series/9 Fri Oct 17 21:59:02 2008
@@ -7,3 +7,4 @@
- bugfix/x86/nonpnp-rtc-device.patch
+ bugfix/x86/nonpnp-rtc-device-1.patch
+ bugfix/x86/i915-restrict-DRM_I915_HWS_ADDR.patch
++ bugfix/all/dont-allow-splice-to-files-opened-with-O_APPEND.patch