[kernel] r14152 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Aug 20 20:38:24 UTC 2009
Author: dannf
Date: Thu Aug 20 20:38:22 2009
New Revision: 14152
Log:
execve: must clear current->clear_child_tid (CVE-2009-2848)
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch
- copied, changed from r14148, dists/lenny/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/24etch4
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Thu Aug 20 20:29:33 2009 (r14151)
+++ dists/etch-security/linux-2.6/debian/changelog Thu Aug 20 20:38:22 2009 (r14152)
@@ -3,6 +3,7 @@
* [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
* do_sigaltstack: avoid copying 'stack_t' as a structure to user space
(CVE-2009-2847)
+ * execve: must clear current->clear_child_tid (CVE-2009-2848)
-- dann frazier <dannf at debian.org> Thu, 20 Aug 2009 14:20:23 -0600
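Review bot: the added entry "execve: must clear current->clear_child_tid (CVE-2009-2848)" does not say that the fix is an adapted backport rather than the lenny patch applied unchanged. The neighbouring entries are one-liners too, so this is a documentation point only, but a short suffix noting the 2.6.18 backport would tell anyone auditing the etch-security changelog that the kernel/fork.c hunk differs from the copy source.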
Copied and modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch (from r14148, dists/lenny/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch)
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch Thu Aug 20 14:32:46 2009 (r14148, copy source)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/execve-must-clear-current-clear_child_tid.patch Thu Aug 20 20:38:22 2009 (r14152)
@@ -85,21 +85,19 @@
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-diff --git a/kernel/fork.c b/kernel/fork.c
-index 466531e..021e113 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -568,18 +568,18 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
- * the value intact in a core dump, and to save the unnecessary
- * trouble otherwise. Userland only wants this done for a sys_exit.
- */
-- if (tsk->clear_child_tid
-- && !(tsk->flags & PF_SIGNALED)
-- && atomic_read(&mm->mm_users) > 1) {
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/kernel/fork.c linux-source-2.6.18/kernel/fork.c
+--- linux-source-2.6.18.orig/kernel/fork.c 2009-08-15 12:05:16.000000000 -0600
++++ linux-source-2.6.18/kernel/fork.c 2009-08-20 14:35:30.000000000 -0600
+@@ -439,16 +439,17 @@ void mm_release(struct task_struct *tsk,
+ tsk->vfork_done = NULL;
+ complete(vfork_done);
+ }
+- if (tsk->clear_child_tid && atomic_read(&mm->mm_users) > 1) {
- u32 __user * tidptr = tsk->clear_child_tid;
+ if (tsk->clear_child_tid) {
-+ if (!(tsk->flags & PF_SIGNALED) &&
-+ atomic_read(&mm->mm_users) > 1) {
++ if (atomic_read(&mm->mm_users) > 1) {
+ /*
+ * We don't check the error code - if userspace has
+ * not set up a proper pointer then tough luck.
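Review bot: the header line "Backported to Debian's 2.6.18 by dann frazier" does not state what was changed from the lenny copy, and the change is behaviour-relevant. The inner test becomes "if (atomic_read(&mm->mm_users) > 1)" with the "!(tsk->flags & PF_SIGNALED)" condition gone; that matches the removed 2.6.18 line "if (tsk->clear_child_tid && atomic_read(&mm->mm_users) > 1)", which never had that condition, but a reader comparing against the lenny patch could take it for an accidental omission. Suggest one sentence in the patch header saying the PF_SIGNALED test is absent in 2.6.18 and was deliberately left out. The visible lines also stop inside the comment, before the statement that resets clear_child_tid, so it is worth confirming in the full patch that the reset sits outside the mm_users block, since that is the point of the fix named in the log message.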
Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch4
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch4 Thu Aug 20 20:29:33 2009 (r14151)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch4 Thu Aug 20 20:38:22 2009 (r14152)
@@ -1,3 +1,4 @@
+ bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch
+ bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
+ bugfix/all/do_sigaltstack-small-cleanups.patch
++ bugfix/all/execve-must-clear-current-clear_child_tid.patch