[kernel] r15069 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Feb 1 00:20:54 UTC 2010
Author: dannf
Date: Mon Feb 1 00:20:52 2010
New Revision: 15069
Log:
Avoid /proc/$pid/maps visibility during initial setuid ELF loading
(CVE-2009-2691)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch
- copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Sun Jan 31 21:26:06 2010 (r15068)
+++ dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 00:20:52 2010 (r15069)
@@ -1,3 +1,10 @@
+linux-2.6.24 (2.6.24-6~etchnhalf.9etch2) UNRELEASED; urgency=high
+
+ * Avoid /proc/$pid/maps visibility during initial setuid ELF loading
+ (CVE-2009-2691)
+
+ -- dann frazier <dannf at debian.org> Sun, 31 Jan 2010 17:17:52 -0700
+
linux-2.6.24 (2.6.24-6~etchnhalf.9etch1) oldstable-security; urgency=high
* [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch Sun Jan 31 21:26:06 2010 (r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch Mon Feb 1 00:20:52 2010 (r15069)
@@ -11,12 +11,12 @@
Author: Oleg Nesterov <onestero at redhat.com>
Signed-off-by: Clark Williams <williams at redhat.com>
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/fs/exec.c linux-source-2.6.26/fs/exec.c
---- linux-source-2.6.26.orig/fs/exec.c 2009-10-23 16:53:12.000000000 -0600
-+++ linux-source-2.6.26/fs/exec.c 2009-12-02 13:18:15.000000000 -0700
-@@ -355,6 +355,7 @@ int bprm_mm_init(struct linux_binprm *bp
+diff -urpN linux-source-2.6.24.orig/fs/exec.c linux-source-2.6.24/fs/exec.c
+--- linux-source-2.6.24.orig/fs/exec.c 2009-11-04 18:42:05.000000000 -0700
++++ linux-source-2.6.24/fs/exec.c 2010-01-31 17:15:54.000000000 -0700
+@@ -342,6 +342,7 @@ int bprm_mm_init(struct linux_binprm *bp
if (err)
goto err;
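Review bot: The header line `Adjusted to apply to Debian's 2.6.24 by dann frazier` does not record what the adjustment was, which is the first thing someone auditing this CVE-2009-2691 backport will want to know. As far as this diff shows, only the source paths, timestamps and `@@` offsets differ from the lenny-security copy (for example `-355,6 +355,7` becomes `-342,6 +342,7` for `bprm_mm_init`). The added code lines are not visible here, presumably because they are unchanged. I would state that in the header, e.g. `Adjusted to apply to Debian's 2.6.24 (hunk offsets only, no code changes) by dann frazier <dannf at debian.org>`. It is also worth confirming that the patch applies to the 2.6.24 tree without fuzz, so each hunk lands in the function named in its `@@` line.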
@@ -24,7 +24,7 @@
return 0;
err:
-@@ -1103,6 +1104,7 @@ void compute_creds(struct linux_binprm *
+@@ -1132,6 +1133,7 @@ void compute_creds(struct linux_binprm *
task_lock(current);
unsafe = unsafe_exec(current);
security_bprm_apply_creds(bprm, unsafe);
@@ -32,10 +32,10 @@
task_unlock(current);
security_bprm_post_apply_creds(bprm);
}
-diff -urpN linux-source-2.6.26.orig/fs/proc/base.c linux-source-2.6.26/fs/proc/base.c
---- linux-source-2.6.26.orig/fs/proc/base.c 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/fs/proc/base.c 2009-12-02 13:18:15.000000000 -0700
-@@ -251,7 +251,8 @@ struct mm_struct *mm_for_maps(struct tas
+diff -urpN linux-source-2.6.24.orig/fs/proc/base.c linux-source-2.6.24/fs/proc/base.c
+--- linux-source-2.6.24.orig/fs/proc/base.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/fs/proc/base.c 2010-01-31 17:15:54.000000000 -0700
+@@ -211,7 +211,8 @@ struct mm_struct *mm_for_maps(struct tas
task_lock(task);
if (task->mm != mm)
goto out;
@@ -45,10 +45,10 @@
goto out;
task_unlock(task);
return mm;
-diff -urpN linux-source-2.6.26.orig/include/linux/sched.h linux-source-2.6.26/include/linux/sched.h
---- linux-source-2.6.26.orig/include/linux/sched.h 2009-10-23 16:53:12.000000000 -0600
-+++ linux-source-2.6.26/include/linux/sched.h 2009-12-02 13:18:15.000000000 -0700
-@@ -395,6 +395,8 @@ extern int get_dumpable(struct mm_struct
+diff -urpN linux-source-2.6.24.orig/include/linux/sched.h linux-source-2.6.24/include/linux/sched.h
+--- linux-source-2.6.24.orig/include/linux/sched.h 2009-11-04 18:42:05.000000000 -0700
++++ linux-source-2.6.24/include/linux/sched.h 2010-01-31 17:15:54.000000000 -0700
+@@ -360,6 +360,8 @@ extern int get_dumpable(struct mm_struct
#define MMF_DUMP_SECURELY 1 /* core file is readable only by root */
#define MMF_DUMPABLE_BITS 2
Added: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 00:20:52 2010 (r15069)
@@ -0,0 +1 @@
++ bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch