[kernel] r13440 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Sat Apr 18 20:55:16 UTC 2009


Author: dannf
Date: Sat Apr 18 20:55:14 2009
New Revision: 13440

Log:
Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
      - copied, changed from r13438, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Sat Apr 18 20:51:49 2009	(r13439)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Sat Apr 18 20:55:14 2009	(r13440)
@@ -27,6 +27,7 @@
   * af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
   * KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
   * exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
+  * Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
 
  -- dann frazier <dannf at debian.org>  Tue, 24 Feb 2009 23:25:36 -0700
 

Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch (from r13438, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch	Sat Apr 18 20:41:38 2009	(r13438, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch	Sat Apr 18 20:55:14 2009	(r13440)
@@ -20,13 +20,14 @@
     Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
     Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
 
-diff --git a/kernel/signal.c b/kernel/signal.c
-index 105217d..4530fc6 100644
---- a/kernel/signal.c
-+++ b/kernel/signal.c
-@@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo *info, pid_t pid)
- 		struct task_struct * p;
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.24.orig/kernel/signal.c linux-source-2.6.24/kernel/signal.c
+--- linux-source-2.6.24.orig/kernel/signal.c	2009-04-11 14:35:50.000000000 -0600
++++ linux-source-2.6.24/kernel/signal.c	2009-04-18 14:52:22.000000000 -0600
+@@ -1150,7 +1150,8 @@ static int kill_something_info(int sig, 
  
+ 		read_lock(&tasklist_lock);
  		for_each_process(p) {
 -			if (p->pid > 1 && !same_thread_group(p, current)) {
 +			if (task_pid_vnr(p) > 1 &&
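Review bot: the "Adjusted to apply to Debian's 2.6.24" line added under the Signed-off-by trailers does not say what was adjusted, so a later reader has to re-diff against the lenny copy to find out. From the lines shown, the differences are the move from git-style headers to `diff -urpN`, the hunk offset (1144 to 1150) and the leading context (`struct task_struct * p;` gives way to `read_lock(&tasklist_lock);`), while the `task_pid_vnr(p) > 1 &&` replacement line is carried over unchanged. Recording that in the note, for example "context and offsets only, no functional change", would make the backport auditable at a glance. Because the fix depends on task_pid_vnr(), it is also worth confirming with a build of kernel/signal.c that the helper is available in this 2.6.24 tree, since the visible adaptation touches only the context around it.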

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1	Sat Apr 18 20:51:49 2009	(r13439)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1	Sat Apr 18 20:55:14 2009	(r13440)
@@ -80,3 +80,4 @@
 + bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
 + bugfix/kvm-vmx-inhibit-EFER-access.patch
 + bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
++ bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch


