[kernel] r15069 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Feb 1 00:20:54 UTC 2010 

Author: dannf
Date: Mon Feb  1 00:20:52 2010
New Revision: 15069

Log:
Avoid /proc/$pid/maps visibility during initial setuid ELF loading
(CVE-2009-2691)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch
      - copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Sun Jan 31 21:26:06 2010	(r15068)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Mon Feb  1 00:20:52 2010	(r15069)
@@ -1,3 +1,10 @@
+linux-2.6.24 (2.6.24-6~etchnhalf.9etch2) UNRELEASED; urgency=high
+
+  * Avoid /proc/$pid/maps visibility during initial setuid ELF loading
+    (CVE-2009-2691)
+
+ -- dann frazier <dannf at debian.org>  Sun, 31 Jan 2010 17:17:52 -0700
+
 linux-2.6.24 (2.6.24-6~etchnhalf.9etch1) oldstable-security; urgency=high
 
   * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)

Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch	Sun Jan 31 21:26:06 2010	(r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch	Mon Feb  1 00:20:52 2010	(r15069)
@@ -11,12 +11,12 @@
 Author: Oleg Nesterov <onestero at redhat.com>
 Signed-off-by: Clark Williams <williams at redhat.com>
 
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
 
-diff -urpN linux-source-2.6.26.orig/fs/exec.c linux-source-2.6.26/fs/exec.c
---- linux-source-2.6.26.orig/fs/exec.c	2009-10-23 16:53:12.000000000 -0600
-+++ linux-source-2.6.26/fs/exec.c	2009-12-02 13:18:15.000000000 -0700
-@@ -355,6 +355,7 @@ int bprm_mm_init(struct linux_binprm *bp
+diff -urpN linux-source-2.6.24.orig/fs/exec.c linux-source-2.6.24/fs/exec.c
+--- linux-source-2.6.24.orig/fs/exec.c	2009-11-04 18:42:05.000000000 -0700
++++ linux-source-2.6.24/fs/exec.c	2010-01-31 17:15:54.000000000 -0700
+@@ -342,6 +342,7 @@ int bprm_mm_init(struct linux_binprm *bp
  	if (err)
  		goto err;
  
@@ -24,7 +24,7 @@
  	return 0;
  
  err:
-@@ -1103,6 +1104,7 @@ void compute_creds(struct linux_binprm *
+@@ -1132,6 +1133,7 @@ void compute_creds(struct linux_binprm *
  	task_lock(current);
  	unsafe = unsafe_exec(current);
  	security_bprm_apply_creds(bprm, unsafe);
@@ -32,10 +32,10 @@
  	task_unlock(current);
  	security_bprm_post_apply_creds(bprm);
  }
-diff -urpN linux-source-2.6.26.orig/fs/proc/base.c linux-source-2.6.26/fs/proc/base.c
---- linux-source-2.6.26.orig/fs/proc/base.c	2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/fs/proc/base.c	2009-12-02 13:18:15.000000000 -0700
-@@ -251,7 +251,8 @@ struct mm_struct *mm_for_maps(struct tas
+diff -urpN linux-source-2.6.24.orig/fs/proc/base.c linux-source-2.6.24/fs/proc/base.c
+--- linux-source-2.6.24.orig/fs/proc/base.c	2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/fs/proc/base.c	2010-01-31 17:15:54.000000000 -0700
+@@ -211,7 +211,8 @@ struct mm_struct *mm_for_maps(struct tas
  	task_lock(task);
  	if (task->mm != mm)
  		goto out;
@@ -45,10 +45,10 @@
  		goto out;
  	task_unlock(task);
  	return mm;
-diff -urpN linux-source-2.6.26.orig/include/linux/sched.h linux-source-2.6.26/include/linux/sched.h
---- linux-source-2.6.26.orig/include/linux/sched.h	2009-10-23 16:53:12.000000000 -0600
-+++ linux-source-2.6.26/include/linux/sched.h	2009-12-02 13:18:15.000000000 -0700
-@@ -395,6 +395,8 @@ extern int get_dumpable(struct mm_struct
+diff -urpN linux-source-2.6.24.orig/include/linux/sched.h linux-source-2.6.24/include/linux/sched.h
+--- linux-source-2.6.24.orig/include/linux/sched.h	2009-11-04 18:42:05.000000000 -0700
++++ linux-source-2.6.24/include/linux/sched.h	2010-01-31 17:15:54.000000000 -0700
+@@ -360,6 +360,8 @@ extern int get_dumpable(struct mm_struct
  #define MMF_DUMP_SECURELY 1  /* core file is readable only by root */
  #define MMF_DUMPABLE_BITS 2
  

Added: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2	Mon Feb  1 00:20:52 2010	(r15069)
@@ -0,0 +1 @@
++ bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch

More information about the Kernel-svn-changes mailing list