[kernel] r13329 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/x86 patches/series
Dann Frazier
dannf at alioth.debian.org
Sat Apr 4 17:17:18 UTC 2009
Author: dannf
Date: Sat Apr 4 17:17:16 2009
New Revision: 13329
Log:
[amd64] syscall-audit: fix 32/64 syscall hole
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/15lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog (original)
+++ dists/lenny-security/linux-2.6/debian/changelog Sat Apr 4 17:17:16 2009
@@ -4,6 +4,7 @@
(CVE-2009-0028)
* ecryptfs: Allocate a variable number of pages for file headers
(CVE-2009-0787)
+ * [amd64] syscall-audit: fix 32/64 syscall hole
-- dann frazier <dannf at debian.org> Fri, 03 Apr 2009 19:12:51 -0600
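Review bot: The added changelog line "[amd64] syscall-audit: fix 32/64 syscall hole" carries no CVE identifier, while the two entries above it end in (CVE-2009-0028) and (CVE-2009-0787). If an identifier has been assigned for this issue, add it in the same parenthesised form so the entry can be matched to the advisory for this security upload.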
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch
==============================================================================
--- (empty file)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch Sat Apr 4 17:17:16 2009
@@ -0,0 +1,33 @@
+commit ccbe495caa5e604b04d5a31d7459a6f6a76a756c
+Author: Roland McGrath <roland at redhat.com>
+Date: Fri Feb 27 19:03:24 2009 -0800
+
+ x86-64: syscall-audit: fix 32/64 syscall hole
+
+ On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
+ ljmp, and then use the "syscall" instruction to make a 64-bit system
+ call. A 64-bit process make a 32-bit system call with int $0x80.
+
+ In both these cases, audit_syscall_entry() will use the wrong system
+ call number table and the wrong system call argument registers. This
+ could be used to circumvent a syscall audit configuration that filters
+ based on the syscall numbers or argument details.
+
+ Signed-off-by: Roland McGrath <roland at redhat.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Based on Eugene Teo's backport for RHEL5
+
+diff -urpN linux-source-2.6.26.orig/arch/x86/kernel/ptrace.c linux-source-2.6.26/arch/x86/kernel/ptrace.c
+--- linux-source-2.6.26.orig/arch/x86/kernel/ptrace.c 2009-03-25 17:20:38.000000000 -0600
++++ linux-source-2.6.26/arch/x86/kernel/ptrace.c 2009-04-04 11:09:01.000000000 -0600
+@@ -1491,7 +1491,7 @@ asmlinkage void syscall_trace_enter(stru
+ syscall_trace(regs);
+
+ if (unlikely(current->audit_context)) {
+- if (test_thread_flag(TIF_IA32)) {
++ if (is_compat_task()) {
+ audit_syscall_entry(AUDIT_ARCH_I386,
+ regs->orig_ax,
+ regs->bx, regs->cx,
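Review bot: In the ptrace.c hunk at syscall_trace_enter(), the new condition calls is_compat_task(), but nothing in this patch adds an include or a definition for it, and the backport note does not say where the 2.6.26 tree gets it from. Please confirm that it is visible in arch/x86/kernel/ptrace.c here and that it reports the mode of the system call being entered rather than the task-wide TIF_IA32 flag, since the commit message relies on that distinction for both the ljmp plus "syscall" case and the int $0x80 case. A sentence in the patch header naming the differences from the upstream commit and from the RHEL5 backport would also make the backport easier to audit.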
Modified: dists/lenny-security/linux-2.6/debian/patches/series/15lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/15lenny1 (original)
+++ dists/lenny-security/linux-2.6/debian/patches/series/15lenny1 Sat Apr 4 17:17:16 2009
@@ -1,3 +1,4 @@
+ bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch
+ bugfix/all/ecryptfs-fix-mem-corruption-when-storing-crypto-info-in-xattrs.patch
+ bugfix/all/ecryptfs-allocate-a-variable-number-of-pages-for-file-headers.patch
++ bugfix/x86/syscall-audit-fix-32+64-syscall-hole.patch