[kernel] r14350 - dists/lenny-security/linux-2.6/debian/patches/bugfix/all
Dann Frazier
dannf at alioth.debian.org
Thu Oct 8 06:04:40 UTC 2009
Author: dannf
Date: Thu Oct 8 06:04:25 2009
New Revision: 14350
Log:
fix duplicate hunks
Modified:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch
Modified: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch Thu Oct 8 04:50:27 2009 (r14349)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch Thu Oct 8 06:04:25 2009 (r14350)
@@ -67,7 +67,7 @@
+{
+ int ret = 0;
+
-+ if (addr < mmap_min_addr) {
++ if (addr < dac_mmap_min_addr) {
+ ret = cap_capable(current, CAP_SYS_RAWIO);
+ /* set PF_SUPERPRIV if it turns out we allow the low mmap */
+ if (ret == 0)
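Review bot: The changed condition `if (addr < dac_mmap_min_addr)` makes this patch depend on a symbol that, judging by the patch names in this commit, is introduced by security-seperate-lsm-specific-mmap_min_addr.patch and not here; if the series applies capabilities-move-cap_file_mmap-to-commoncap.c.patch first, the intermediate tree would presumably fail to build and the low-address mapping check could not be verified patch by patch. The series order is not visible on this page, so confirm that the mmap_min_addr split is applied before this patch, or state the dependency in this patch's header. The kernel-doc for cap_file_mmap, as it reads in the duplicate copy removed from the other patch, still says `below mmap_min_addr`; if this patch carries the same comment it should name `dac_mmap_min_addr`, so readers can see that the CAP_SYS_RAWIO check uses what appears to be the DAC-side limit and not the LSM-specific one. cap_file_mmap's body starts and ends outside this hunk.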
Modified: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch Thu Oct 8 04:50:27 2009 (r14349)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch Thu Oct 8 06:04:25 2009 (r14350)
@@ -66,16 +66,6 @@
#include <linux/msg.h>
#include <linux/sched.h>
#include <linux/key.h>
-@@ -58,6 +59,9 @@ extern int cap_inode_setxattr(struct den
- extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
- extern int cap_inode_need_killpriv(struct dentry *dentry);
- extern int cap_inode_killpriv(struct dentry *dentry);
-+extern int cap_file_mmap(struct file *file, unsigned long reqprot,
-+ unsigned long prot, unsigned long flags,
-+ unsigned long addr, unsigned long addr_only);
- extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
- extern void cap_task_reparent_to_init(struct task_struct *p);
- extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
@@ -84,6 +88,7 @@ extern int cap_netlink_send(struct sock
extern int cap_netlink_recv(struct sk_buff *skb, int cap);
@@ -106,17 +96,6 @@
/**
* struct security_operations - main security structure
*
-@@ -2135,9 +2155,7 @@ static inline int security_file_mmap(str
- unsigned long addr,
- unsigned long addr_only)
- {
-- if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
-- return -EACCES;
-- return 0;
-+ return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
- }
-
- static inline int security_file_mprotect(struct vm_area_struct *vma,
diff -urpN linux-source-2.6.26.orig/kernel/sysctl.c linux-source-2.6.26/kernel/sysctl.c
--- linux-source-2.6.26.orig/kernel/sysctl.c 2009-09-30 09:13:56.000000000 -0600
+++ linux-source-2.6.26/kernel/sysctl.c 2009-09-30 09:21:57.000000000 -0600
@@ -163,55 +142,6 @@
/*
* Check that a process has enough memory to allocate a new virtual
* mapping. 0 means there is enough memory for the allocation to
-diff -urpN linux-source-2.6.26.orig/security/commoncap.c linux-source-2.6.26/security/commoncap.c
---- linux-source-2.6.26.orig/security/commoncap.c 2009-08-18 23:15:10.000000000 -0600
-+++ linux-source-2.6.26/security/commoncap.c 2009-09-30 09:34:11.000000000 -0600
-@@ -689,3 +689,31 @@ int cap_vm_enough_memory(struct mm_struc
- return __vm_enough_memory(mm, pages, cap_sys_admin);
- }
-
-+/*
-+ * cap_file_mmap - check if able to map given addr
-+ * @file: unused
-+ * @reqprot: unused
-+ * @prot: unused
-+ * @flags: unused
-+ * @addr: address attempting to be mapped
-+ * @addr_only: unused
-+ *
-+ * If the process is attempting to map memory below mmap_min_addr they need
-+ * CAP_SYS_RAWIO. The other parameters to this function are unused by the
-+ * capability security module. Returns 0 if this mapping should be allowed
-+ * -EPERM if not.
-+ */
-+int cap_file_mmap(struct file *file, unsigned long reqprot,
-+ unsigned long prot, unsigned long flags,
-+ unsigned long addr, unsigned long addr_only)
-+{
-+ int ret = 0;
-+
-+ if (addr < dac_mmap_min_addr) {
-+ ret = cap_capable(current, CAP_SYS_RAWIO);
-+ /* set PF_SUPERPRIV if it turns out we allow the low mmap */
-+ if (ret == 0)
-+ current->flags |= PF_SUPERPRIV;
-+ }
-+ return ret;
-+}
-diff -urpN linux-source-2.6.26.orig/security/dummy.c linux-source-2.6.26/security/dummy.c
---- linux-source-2.6.26.orig/security/dummy.c 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/security/dummy.c 2009-09-30 09:14:23.000000000 -0600
-@@ -459,9 +459,7 @@ static int dummy_file_mmap (struct file
- unsigned long addr,
- unsigned long addr_only)
- {
-- if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
-- return -EACCES;
-- return 0;
-+ return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
- }
-
- static int dummy_file_mprotect (struct vm_area_struct *vma,
diff -urpN linux-source-2.6.26.orig/security/Kconfig linux-source-2.6.26/security/Kconfig
--- linux-source-2.6.26.orig/security/Kconfig 2009-09-30 09:13:56.000000000 -0600
+++ linux-source-2.6.26/security/Kconfig 2009-09-30 09:21:57.000000000 -0600