[kernel] r13335 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Apr 6 01:28:48 UTC 2009
Author: dannf
Date: Mon Apr 6 01:28:47 2009
New Revision: 13335
Log:
nfsd: drop CAP_MKNOD for non-root (CVE-2009-1072)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/15lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Sun Apr 5 20:07:50 2009 (r13334)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Apr 6 01:28:47 2009 (r13335)
@@ -9,6 +9,7 @@
* shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM (CVE-2009-0859)
This issue does not effect pre-build Debian kernels.
* Fix an off-by-two memory error in console selection (CVE-2009-1046)
+ * nfsd: drop CAP_MKNOD for non-root (CVE-2009-1072)
-- dann frazier <dannf at debian.org> Fri, 03 Apr 2009 19:12:51 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch Mon Apr 6 01:28:47 2009 (r13335)
@@ -0,0 +1,36 @@
+commit 76a67ec6fb79ff3570dcb5342142c16098299911
+Author: J. Bruce Fields <bfields at citi.umich.edu>
+Date: Mon Mar 16 18:34:20 2009 -0400
+
+ nfsd: nfsd should drop CAP_MKNOD for non-root
+
+ Since creating a device node is normally an operation requiring special
+ privilege, Igor Zhbanov points out that it is surprising (to say the
+ least) that a client can, for example, create a device node on a
+ filesystem exported with root_squash.
+
+ So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd
+ thread handles a request from a non-root user.
+
+ Reported-by: Igor Zhbanov <izh1979 at gmail.com>
+ Cc: stable at kernel.org
+ Signed-off-by: J. Bruce Fields <bfields at citi.umich.edu>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/include/linux/capability.h linux-source-2.6.26/include/linux/capability.h
+--- linux-source-2.6.26.orig/include/linux/capability.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/linux/capability.h 2009-04-05 19:17:27.000000000 -0600
+@@ -382,8 +382,10 @@ typedef struct kernel_cap_struct {
+ # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
+ # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
+ # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } })
+-# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \
+- CAP_FS_MASK_B1 } })
++# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
++ | CAP_TO_MASK(CAP_SYS_RESOURCE) \
++ | CAP_TO_MASK(CAP_MKNOD), \
++ CAP_FS_MASK_B1 } })
+
+ #endif /* _KERNEL_CAPABILITY_U32S != 2 */
+
Modified: dists/lenny-security/linux-2.6/debian/patches/series/15lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/15lenny1 Sun Apr 5 20:07:50 2009 (r13334)
+++ dists/lenny-security/linux-2.6/debian/patches/series/15lenny1 Mon Apr 6 01:28:47 2009 (r13335)
@@ -5,3 +5,4 @@
+ bugfix/all/seccomp-fix-32+64-syscall-hole.patch
+ bugfix/all/shm-fix-shmctl(SHM_INFO)-lockup-without-CONFIG_SHMEM.patch
+ bugfix/all/fix-off-by-2-error-in-console-selection.patch
++ bugfix/all/nfsd-drop-CAP_MKNOD-for-non-root.patch
More information about the Kernel-svn-changes
mailing list