[kernel] r15070 - in dists/etch-security/linux-2.6.24/debian: . config patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Feb 1 02:42:09 UTC 2010
Author: dannf
Date: Mon Feb 1 02:42:03 2010
New Revision: 15070
Log:
selinux: prevent local users from bypassing mmap_min_addr
in unconfined domains (CVE-2009-2695)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch
- copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch
- copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr-abi.patch
- copied unchanged from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr-abi.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch
- copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch
- copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch
- copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/config/config
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 00:20:52 2010 (r15069)
+++ dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 02:42:03 2010 (r15070)
@@ -2,6 +2,8 @@
* Avoid /proc/$pid/maps visibility during initial setuid ELF loading
(CVE-2009-2691)
+ * selinux: prevent local users from bypassing mmap_min_addr
+ in unconfined domains (CVE-2009-2695)
-- dann frazier <dannf at debian.org> Sun, 31 Jan 2010 17:17:52 -0700
Modified: dists/etch-security/linux-2.6.24/debian/config/config
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/config/config Mon Feb 1 00:20:52 2010 (r15069)
+++ dists/etch-security/linux-2.6.24/debian/config/config Mon Feb 1 02:42:03 2010 (r15070)
@@ -100,6 +100,7 @@
CONFIG_SELECT_MEMORY_MODEL=y
CONFIG_FLATMEM=y
# CONFIG_SPARSEMEM_STATIC is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=0
# CONFIG_SECCOMP is not set
# CONFIG_HZ_100 is not set
CONFIG_HZ_250=y
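Review bot: `CONFIG_DEFAULT_MMAP_MIN_ADDR=0` leaves the DAC low-address protection that this series backports switched off at boot, so nothing below `mmap_min_addr` is rejected until an administrator raises `/proc/sys/vm/mmap_min_addr` (the mm/Kconfig help text carried in this commit says the value is tunable after boot); presumably this is deliberate to preserve etch's previous behaviour, but the choice is invisible here and in the changelog entry. A comment on the new line, `# low-address protection off by default; raise /proc/sys/vm/mmap_min_addr to enable`, would record that. No `CONFIG_LSM_MMAP_MIN_ADDR` line appears in this hunk although the `security-seperate-lsm-specific-mmap_min_addr` patch in this commit introduces that option with `depends on SECURITY && SECURITY_SELINUX`; it may be set elsewhere in the file, otherwise confirm which value the SELinux path ends up with and add an explicit entry.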
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch Sun Jan 31 21:26:06 2010 (r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch Mon Feb 1 02:42:03 2010 (r15070)
@@ -14,24 +14,24 @@
Acked-by: Serge Hallyn <serue at us.ibm.com>
Signed-off-by: James Morris <jmorris at namei.org>
-Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.24 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/include/linux/security.h linux-source-2.6.26/include/linux/security.h
---- linux-source-2.6.26.orig/include/linux/security.h 2009-09-30 09:13:56.000000000 -0600
-+++ linux-source-2.6.26/include/linux/security.h 2009-09-30 09:14:23.000000000 -0600
-@@ -58,6 +58,9 @@ extern int cap_inode_setxattr(struct den
- extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
+diff -urpN linux-source-2.6.24.orig/include/linux/security.h linux-source-2.6.24/include/linux/security.h
+--- linux-source-2.6.24.orig/include/linux/security.h 2010-01-31 17:42:23.000000000 -0700
++++ linux-source-2.6.24/include/linux/security.h 2010-01-31 17:49:25.000000000 -0700
+@@ -60,6 +60,9 @@ extern int cap_inode_setxattr(struct den
+ extern int cap_inode_removexattr(struct dentry *dentry, char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
+extern int cap_file_mmap(struct file *file, unsigned long reqprot,
+ unsigned long prot, unsigned long flags,
+ unsigned long addr, unsigned long addr_only);
- extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
- extern void cap_task_reparent_to_init(struct task_struct *p);
- extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
-@@ -2135,9 +2138,7 @@ static inline int security_file_mmap(str
- unsigned long addr,
- unsigned long addr_only)
+ extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
+ extern void cap_task_reparent_to_init (struct task_struct *p);
+ extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp);
+@@ -2138,9 +2141,7 @@ static inline void security_task_to_inod
+ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+ short flag)
{
- if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
- return -EACCES;
@@ -39,11 +39,11 @@
+ return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
}
- static inline int security_file_mprotect(struct vm_area_struct *vma,
-diff -urpN linux-source-2.6.26.orig/security/commoncap.c linux-source-2.6.26/security/commoncap.c
---- linux-source-2.6.26.orig/security/commoncap.c 2009-08-18 23:15:10.000000000 -0600
-+++ linux-source-2.6.26/security/commoncap.c 2009-09-30 09:17:19.000000000 -0600
-@@ -689,3 +689,31 @@ int cap_vm_enough_memory(struct mm_struc
+ static inline int security_msg_msg_alloc (struct msg_msg * msg)
+diff -urpN linux-source-2.6.24.orig/security/commoncap.c linux-source-2.6.24/security/commoncap.c
+--- linux-source-2.6.24.orig/security/commoncap.c 2009-11-04 18:42:04.000000000 -0700
++++ linux-source-2.6.24/security/commoncap.c 2010-01-31 17:48:56.000000000 -0700
+@@ -568,3 +568,31 @@ int cap_vm_enough_memory(struct mm_struc
return __vm_enough_memory(mm, pages, cap_sys_admin);
}
@@ -75,10 +75,10 @@
+ }
+ return ret;
+}
-diff -urpN linux-source-2.6.26.orig/security/dummy.c linux-source-2.6.26/security/dummy.c
---- linux-source-2.6.26.orig/security/dummy.c 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/security/dummy.c 2009-09-30 09:14:23.000000000 -0600
-@@ -459,9 +459,7 @@ static int dummy_file_mmap (struct file
+diff -urpN linux-source-2.6.24.orig/security/dummy.c linux-source-2.6.24/security/dummy.c
+--- linux-source-2.6.24.orig/security/dummy.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/security/dummy.c 2010-01-31 17:48:56.000000000 -0700
+@@ -426,9 +426,7 @@ static int dummy_file_mmap (struct file
unsigned long addr,
unsigned long addr_only)
{
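Review bot: The 2.6.24 version of the `include/linux/security.h` hunk targets the wrong stub: its new context lines are `static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, short flag)` with `security_task_to_inod` in the hunk header and `security_msg_msg_alloc` as trailing context, whereas the 2.6.26 version it was copied from sits inside `security_file_mmap` (`unsigned long addr, unsigned long addr_only) {`, followed by `security_file_mprotect`). As written, the `!CONFIG_SECURITY` stub for `security_ipc_permission` ends up with `return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);` and none of those names in scope, while the `security_file_mmap` stub presumably still returns 0, so a kernel built without CONFIG_SECURITY would fail to compile and, with the earlier patch alone, would get no `mmap_min_addr` enforcement; a CONFIG_SECURITY=y build never compiles that branch, which is probably why it went unnoticed. This looks like a fuzzy `patch` apply that landed on the nearest `{ return 0; }` stub at the expected offset; the same mis-targeting is in the security.h hunk of `security-use-mmap_min_addr-independently-of-security-models.patch` below (`@@ -2138,6 +2138,8 @@ static inline void security_task_to_inod`). Regenerate both hunks against the `security_file_mmap` stub in 2.6.24's security.h and confirm with a CONFIG_SECURITY=n build.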
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch Sun Jan 31 21:26:06 2010 (r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch Mon Feb 1 02:42:03 2010 (r15070)
@@ -12,52 +12,30 @@
Signed-off-by: Eric Paris <eparis at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/include/linux/security.h linux-source-2.6.26/include/linux/security.h
---- linux-source-2.6.26.orig/include/linux/security.h 2009-09-30 09:21:57.000000000 -0600
-+++ linux-source-2.6.26/include/linux/security.h 2009-09-30 10:08:42.000000000 -0600
-@@ -115,6 +115,21 @@ struct request_sock;
+diff -urpN linux-source-2.6.24.orig/include/linux/security.h linux-source-2.6.24/include/linux/security.h
+--- linux-source-2.6.24.orig/include/linux/security.h 2010-01-31 17:55:54.000000000 -0700
++++ linux-source-2.6.24/include/linux/security.h 2010-01-31 17:56:40.000000000 -0700
+@@ -117,8 +117,6 @@ struct request_sock;
#define LSM_UNSAFE_PTRACE 2
#define LSM_UNSAFE_PTRACE_CAP 4
-+/*
-+ * If a hint addr is less than mmap_min_addr change hint to be as
-+ * low as possible but still greater than mmap_min_addr
-+ */
-+static inline unsigned long round_hint_to_min(unsigned long hint)
-+{
-+ hint &= PAGE_MASK;
-+ if (((void *)hint != NULL) &&
-+ (hint < mmap_min_addr))
-+ return PAGE_ALIGN(mmap_min_addr);
-+ return hint;
-+}
-+extern int mmap_min_addr_handler(struct ctl_table *table, int write, struct file *filp,
-+ void __user *buffer, size_t *lenp, loff_t *ppos);
-+
- #ifdef CONFIG_SECURITY
-
- struct security_mnt_opts {
-@@ -143,21 +158,6 @@ static inline void security_free_mnt_opt
- opts->num_mnt_opts = 0;
+-#ifdef CONFIG_SECURITY
+-
+ /*
+ * If a hint addr is less than mmap_min_addr change hint to be as
+ * low as possible but still greater than mmap_min_addr
+@@ -131,9 +129,11 @@ static inline unsigned long round_hint_t
+ return PAGE_ALIGN(mmap_min_addr);
+ return hint;
}
-
--/*
-- * If a hint addr is less than mmap_min_addr change hint to be as
-- * low as possible but still greater than mmap_min_addr
-- */
--static inline unsigned long round_hint_to_min(unsigned long hint)
--{
-- hint &= PAGE_MASK;
-- if (((void *)hint != NULL) &&
-- (hint < mmap_min_addr))
-- return PAGE_ALIGN(mmap_min_addr);
-- return hint;
--}
-
--extern int mmap_min_addr_handler(struct ctl_table *table, int write, struct file *filp,
-- void __user *buffer, size_t *lenp, loff_t *ppos);
+ extern int mmap_min_addr_handler(struct ctl_table *table, int write, struct file *filp,
+ void __user *buffer, size_t *lenp, loff_t *ppos);
++
++#ifdef CONFIG_SECURITY
++
/**
* struct security_operations - main security structure
*
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr-abi.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr-abi.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr-abi.patch Mon Feb 1 02:42:03 2010 (r15070, copy of r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr-abi.patch)
@@ -0,0 +1,13 @@
+diff -urpN a/include/linux/security.h b/include/linux/security.h
+--- a/include/linux/security.h 2009-10-16 17:19:44.000000000 -0600
++++ b/include/linux/security.h 2009-10-16 17:23:16.000000000 -0600
+@@ -28,7 +28,9 @@
+ #include <linux/resource.h>
+ #include <linux/sem.h>
+ #include <linux/shm.h>
++#ifndef __GENKSYMS__
+ #include <linux/mm.h> /* PAGE_ALIGN */
++#endif
+ #include <linux/msg.h>
+ #include <linux/sched.h>
+ #include <linux/key.h>
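Review bot: The new patch file carries no description, unlike the other patches in this commit which at least record who backported them; a reader has to guess why `#include <linux/mm.h>` is hidden behind `#ifndef __GENKSYMS__`. A header such as `Keep genksyms from seeing the new <linux/mm.h> include so the exported-symbol CRCs (and thus the kernel ABI) stay unchanged in a security update; drop at the next ABI bump` would make the intent and the lifetime of the workaround explicit, assuming ABI preservation is indeed the reason as the file name suggests.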
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch Sun Jan 31 21:26:06 2010 (r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch Mon Feb 1 02:42:03 2010 (r15070)
@@ -21,21 +21,12 @@
Signed-off-by: Eric Paris <eparis at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
-Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.24 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/include/linux/mm.h linux-source-2.6.26/include/linux/mm.h
---- linux-source-2.6.26.orig/include/linux/mm.h 2009-09-30 09:13:56.000000000 -0600
-+++ linux-source-2.6.26/include/linux/mm.h 2009-09-30 09:21:57.000000000 -0600
-@@ -33,8 +33,6 @@ extern int sysctl_legacy_va_layout;
- #define sysctl_legacy_va_layout 0
- #endif
-
--extern unsigned long mmap_min_addr;
--
- #include <asm/page.h>
- #include <asm/pgtable.h>
- #include <asm/processor.h>
-@@ -558,19 +556,6 @@ static inline void set_page_links(struct
+diff -urpN linux-source-2.6.24.orig/include/linux/mm.h linux-source-2.6.24/include/linux/mm.h
+--- linux-source-2.6.24.orig/include/linux/mm.h 2010-01-31 17:42:23.000000000 -0700
++++ linux-source-2.6.24/include/linux/mm.h 2010-01-31 17:51:51.000000000 -0700
+@@ -514,19 +514,6 @@ static inline void set_page_links(struct
}
/*
@@ -55,9 +46,9 @@
* Some inline functions in vmstat.h depend on page_zone()
*/
#include <linux/vmstat.h>
-diff -urpN linux-source-2.6.26.orig/include/linux/security.h linux-source-2.6.26/include/linux/security.h
---- linux-source-2.6.26.orig/include/linux/security.h 2009-09-30 09:13:56.000000000 -0600
-+++ linux-source-2.6.26/include/linux/security.h 2009-09-30 09:21:57.000000000 -0600
+diff -urpN linux-source-2.6.24.orig/include/linux/security.h linux-source-2.6.24/include/linux/security.h
+--- linux-source-2.6.24.orig/include/linux/security.h 2010-01-31 17:49:25.000000000 -0700
++++ linux-source-2.6.24/include/linux/security.h 2010-01-31 17:51:51.000000000 -0700
@@ -28,6 +28,7 @@
#include <linux/resource.h>
#include <linux/sem.h>
@@ -66,7 +57,7 @@
#include <linux/msg.h>
#include <linux/sched.h>
#include <linux/key.h>
-@@ -84,6 +88,7 @@ extern int cap_netlink_send(struct sock
+@@ -87,6 +88,7 @@ extern int cap_netlink_send(struct sock
extern int cap_netlink_recv(struct sk_buff *skb, int cap);
extern unsigned long mmap_min_addr;
@@ -74,9 +65,9 @@
/*
* Values used in the task_security_ops calls
*/
-@@ -138,6 +143,21 @@ static inline void security_free_mnt_opt
- opts->num_mnt_opts = 0;
- }
+@@ -115,6 +117,21 @@ struct request_sock;
+
+ #ifdef CONFIG_SECURITY
+/*
+ * If a hint addr is less than mmap_min_addr change hint to be as
@@ -96,10 +87,10 @@
/**
* struct security_operations - main security structure
*
-diff -urpN linux-source-2.6.26.orig/kernel/sysctl.c linux-source-2.6.26/kernel/sysctl.c
---- linux-source-2.6.26.orig/kernel/sysctl.c 2009-09-30 09:13:56.000000000 -0600
-+++ linux-source-2.6.26/kernel/sysctl.c 2009-09-30 09:21:57.000000000 -0600
-@@ -1096,10 +1096,10 @@ static struct ctl_table vm_table[] = {
+diff -urpN linux-source-2.6.24.orig/kernel/sysctl.c linux-source-2.6.24/kernel/sysctl.c
+--- linux-source-2.6.24.orig/kernel/sysctl.c 2010-01-31 17:42:23.000000000 -0700
++++ linux-source-2.6.24/kernel/sysctl.c 2010-01-31 17:51:51.000000000 -0700
+@@ -1050,10 +1050,10 @@ static struct ctl_table vm_table[] = {
{
.ctl_name = CTL_UNNUMBERED,
.procname = "mmap_min_addr",
@@ -113,10 +104,10 @@
},
#ifdef CONFIG_NUMA
{
-diff -urpN linux-source-2.6.26.orig/mm/Kconfig linux-source-2.6.26/mm/Kconfig
---- linux-source-2.6.26.orig/mm/Kconfig 2009-09-30 09:13:56.000000000 -0600
-+++ linux-source-2.6.26/mm/Kconfig 2009-09-30 09:21:57.000000000 -0600
-@@ -217,9 +217,9 @@ config DEFAULT_MMAP_MIN_ADDR
+diff -urpN linux-source-2.6.24.orig/mm/Kconfig linux-source-2.6.24/mm/Kconfig
+--- linux-source-2.6.24.orig/mm/Kconfig 2010-01-31 17:42:23.000000000 -0700
++++ linux-source-2.6.24/mm/Kconfig 2010-01-31 17:51:51.000000000 -0700
+@@ -205,9 +205,9 @@ config DEFAULT_MMAP_MIN_ADDR
For most ia64, ppc64 and x86 users with lots of address space
a value of 65536 is reasonable and should cause no problems.
On arm and other archs it should not be higher than 32768.
@@ -129,12 +120,12 @@
This value can be changed after boot using the
/proc/sys/vm/mmap_min_addr tunable.
-diff -urpN linux-source-2.6.26.orig/mm/mmap.c linux-source-2.6.26/mm/mmap.c
---- linux-source-2.6.26.orig/mm/mmap.c 2009-09-30 09:13:56.000000000 -0600
-+++ linux-source-2.6.26/mm/mmap.c 2009-09-30 09:21:57.000000000 -0600
-@@ -82,9 +82,6 @@ int sysctl_overcommit_ratio = 50; /* def
+diff -urpN linux-source-2.6.24.orig/mm/mmap.c linux-source-2.6.24/mm/mmap.c
+--- linux-source-2.6.24.orig/mm/mmap.c 2010-01-31 17:42:23.000000000 -0700
++++ linux-source-2.6.24/mm/mmap.c 2010-01-31 17:51:51.000000000 -0700
+@@ -78,9 +78,6 @@ int sysctl_overcommit_ratio = 50; /* def
int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
- atomic_long_t vm_committed_space = ATOMIC_LONG_INIT(0);
+ atomic_t vm_committed_space = ATOMIC_INIT(0);
-/* amount of vm to protect from userspace access */
-unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
@@ -142,13 +133,13 @@
/*
* Check that a process has enough memory to allocate a new virtual
* mapping. 0 means there is enough memory for the allocation to
-diff -urpN linux-source-2.6.26.orig/security/Kconfig linux-source-2.6.26/security/Kconfig
---- linux-source-2.6.26.orig/security/Kconfig 2009-09-30 09:13:56.000000000 -0600
-+++ linux-source-2.6.26/security/Kconfig 2009-09-30 09:21:57.000000000 -0600
+diff -urpN linux-source-2.6.24.orig/security/Kconfig linux-source-2.6.24/security/Kconfig
+--- linux-source-2.6.24.orig/security/Kconfig 2010-01-31 17:43:00.000000000 -0700
++++ linux-source-2.6.24/security/Kconfig 2010-01-31 17:51:51.000000000 -0700
@@ -104,6 +104,22 @@ config SECURITY_ROOTPLUG
-
If you are unsure how to answer this question, answer N.
+
+config LSM_MMAP_MIN_ADDR
+ int "Low address space for LSM to from user allocation"
+ depends on SECURITY && SECURITY_SELINUX
@@ -166,14 +157,14 @@
+ systems running LSM.
+
source security/selinux/Kconfig
- source security/smack/Kconfig
-diff -urpN linux-source-2.6.26.orig/security/Makefile linux-source-2.6.26/security/Makefile
---- linux-source-2.6.26.orig/security/Makefile 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/security/Makefile 2009-09-30 09:33:07.000000000 -0600
-@@ -6,10 +6,7 @@ obj-$(CONFIG_KEYS) += keys/
+ endmenu
+diff -urpN linux-source-2.6.24.orig/security/Makefile linux-source-2.6.24/security/Makefile
+--- linux-source-2.6.24.orig/security/Makefile 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/security/Makefile 2010-01-31 17:51:51.000000000 -0700
+@@ -5,10 +5,7 @@
+ obj-$(CONFIG_KEYS) += keys/
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
- subdir-$(CONFIG_SECURITY_SMACK) += smack
-# if we don't select a security model, use the default capabilities
-ifneq ($(CONFIG_SECURITY),y)
@@ -183,9 +174,9 @@
# Object file lists
obj-$(CONFIG_SECURITY) += security.o dummy.o inode.o
-diff -urpN linux-source-2.6.26.orig/security/min_addr.c linux-source-2.6.26/security/min_addr.c
---- linux-source-2.6.26.orig/security/min_addr.c 1969-12-31 17:00:00.000000000 -0700
-+++ linux-source-2.6.26/security/min_addr.c 2009-09-30 09:21:57.000000000 -0600
+diff -urpN linux-source-2.6.24.orig/security/min_addr.c linux-source-2.6.24/security/min_addr.c
+--- linux-source-2.6.24.orig/security/min_addr.c 1969-12-31 17:00:00.000000000 -0700
++++ linux-source-2.6.24/security/min_addr.c 2010-01-31 17:51:51.000000000 -0700
@@ -0,0 +1,49 @@
+#include <linux/init.h>
+#include <linux/mm.h>
@@ -236,10 +227,10 @@
+ return 0;
+}
+pure_initcall(init_mmap_min_addr);
-diff -urpN linux-source-2.6.26.orig/security/selinux/hooks.c linux-source-2.6.26/security/selinux/hooks.c
---- linux-source-2.6.26.orig/security/selinux/hooks.c 2009-09-30 09:14:01.000000000 -0600
-+++ linux-source-2.6.26/security/selinux/hooks.c 2009-09-30 09:21:57.000000000 -0600
-@@ -2951,7 +2951,7 @@ static int selinux_file_mmap(struct file
+diff -urpN linux-source-2.6.24.orig/security/selinux/hooks.c linux-source-2.6.24/security/selinux/hooks.c
+--- linux-source-2.6.24.orig/security/selinux/hooks.c 2010-01-31 17:47:06.000000000 -0700
++++ linux-source-2.6.24/security/selinux/hooks.c 2010-01-31 17:51:51.000000000 -0700
+@@ -2608,7 +2608,7 @@ static int selinux_file_mmap(struct file
* at bad behaviour/exploit that we always want to get the AVC, even
* if DAC would have also denied the operation.
*/
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch Sun Jan 31 21:26:06 2010 (r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch Mon Feb 1 02:42:03 2010 (r15070)
@@ -1,3 +1,20 @@
+commit a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84
+Author: Eric Paris <eparis at redhat.com>
+Date: Thu Jan 31 15:11:22 2008 -0500
+
+ security: allow Kconfig to set default mmap_min_addr protection
+
+ Since it was decided that low memory protection from userspace couldn't
+ be turned on by default add a Kconfig option to allow users/distros to
+ set a default at compile time. This value is still tunable after boot
+ in /proc/sys/vm/mmap_min_addr
+
+ Discussion:
+ http://www.mail-archive.com/linux-security-module@vger.kernel.org/msg02543.h
+
+ Signed-off-by: Eric Paris <eparis at redhat.com>
+ Signed-off-by: James Morris <jmorris at namei.org>
+
commit e0a94c2a63f2644826069044649669b5e7ca75d3
Author: Christoph Lameter <cl at linux-foundation.org>
Date: Wed Jun 3 16:04:31 2009 -0400
@@ -15,12 +32,11 @@
Looks-ok-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: James Morris <jmorris at namei.org>
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
-
-diff -urpN linux-source-2.6.26.orig/include/linux/mm.h linux-source-2.6.26/include/linux/mm.h
---- linux-source-2.6.26.orig/include/linux/mm.h 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/include/linux/mm.h 2009-09-29 23:26:05.000000000 -0600
-@@ -563,12 +563,10 @@ static inline void set_page_links(struct
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+diff -urpN linux-source-2.6.24.orig/include/linux/mm.h linux-source-2.6.24/include/linux/mm.h
+--- linux-source-2.6.24.orig/include/linux/mm.h 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/include/linux/mm.h 2010-01-31 17:42:23.000000000 -0700
+@@ -519,12 +519,10 @@ static inline void set_page_links(struct
*/
static inline unsigned long round_hint_to_min(unsigned long hint)
{
@@ -33,22 +49,22 @@
return hint;
}
-diff -urpN linux-source-2.6.26.orig/include/linux/security.h linux-source-2.6.26/include/linux/security.h
---- linux-source-2.6.26.orig/include/linux/security.h 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/include/linux/security.h 2009-09-29 23:26:05.000000000 -0600
-@@ -2135,6 +2135,8 @@ static inline int security_file_mmap(str
- unsigned long addr,
- unsigned long addr_only)
+diff -urpN linux-source-2.6.24.orig/include/linux/security.h linux-source-2.6.24/include/linux/security.h
+--- linux-source-2.6.24.orig/include/linux/security.h 2009-11-04 18:42:04.000000000 -0700
++++ linux-source-2.6.24/include/linux/security.h 2010-01-31 17:42:23.000000000 -0700
+@@ -2138,6 +2138,8 @@ static inline void security_task_to_inod
+ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+ short flag)
{
+ if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
+ return -EACCES;
return 0;
}
-diff -urpN linux-source-2.6.26.orig/kernel/sysctl.c linux-source-2.6.26/kernel/sysctl.c
---- linux-source-2.6.26.orig/kernel/sysctl.c 2009-08-18 23:15:11.000000000 -0600
-+++ linux-source-2.6.26/kernel/sysctl.c 2009-09-29 23:26:05.000000000 -0600
-@@ -1093,7 +1093,6 @@ static struct ctl_table vm_table[] = {
+diff -urpN linux-source-2.6.24.orig/kernel/sysctl.c linux-source-2.6.24/kernel/sysctl.c
+--- linux-source-2.6.24.orig/kernel/sysctl.c 2009-11-04 18:42:05.000000000 -0700
++++ linux-source-2.6.24/kernel/sysctl.c 2010-01-31 17:42:23.000000000 -0700
+@@ -1047,7 +1047,6 @@ static struct ctl_table vm_table[] = {
.strategy = &sysctl_jiffies,
},
#endif
@@ -56,7 +72,7 @@
{
.ctl_name = CTL_UNNUMBERED,
.procname = "mmap_min_addr",
-@@ -1102,7 +1101,6 @@ static struct ctl_table vm_table[] = {
+@@ -1056,7 +1055,6 @@ static struct ctl_table vm_table[] = {
.mode = 0644,
.proc_handler = &proc_doulongvec_minmax,
},
@@ -64,10 +80,10 @@
#ifdef CONFIG_NUMA
{
.ctl_name = CTL_UNNUMBERED,
-diff -urpN linux-source-2.6.26.orig/mm/Kconfig linux-source-2.6.26/mm/Kconfig
---- linux-source-2.6.26.orig/mm/Kconfig 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/mm/Kconfig 2009-09-29 23:28:51.000000000 -0600
-@@ -205,3 +205,23 @@ config NR_QUICK
+diff -urpN linux-source-2.6.24.orig/mm/Kconfig linux-source-2.6.24/mm/Kconfig
+--- linux-source-2.6.24.orig/mm/Kconfig 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/mm/Kconfig 2010-01-31 17:42:23.000000000 -0700
+@@ -193,3 +193,23 @@ config NR_QUICK
config VIRT_TO_BUS
def_bool y
depends on !ARCH_NO_VIRT_TO_BUS
@@ -91,12 +107,12 @@
+ /proc/sys/vm/mmap_min_addr tunable.
+
+
-diff -urpN linux-source-2.6.26.orig/mm/mmap.c linux-source-2.6.26/mm/mmap.c
---- linux-source-2.6.26.orig/mm/mmap.c 2009-08-18 23:15:11.000000000 -0600
-+++ linux-source-2.6.26/mm/mmap.c 2009-09-29 23:26:05.000000000 -0600
-@@ -82,6 +82,9 @@ int sysctl_overcommit_ratio = 50; /* def
+diff -urpN linux-source-2.6.24.orig/mm/mmap.c linux-source-2.6.24/mm/mmap.c
+--- linux-source-2.6.24.orig/mm/mmap.c 2009-11-04 18:42:05.000000000 -0700
++++ linux-source-2.6.24/mm/mmap.c 2010-01-31 17:42:23.000000000 -0700
+@@ -78,6 +78,9 @@ int sysctl_overcommit_ratio = 50; /* def
int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
- atomic_long_t vm_committed_space = ATOMIC_LONG_INIT(0);
+ atomic_t vm_committed_space = ATOMIC_INIT(0);
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
@@ -104,49 +120,25 @@
/*
* Check that a process has enough memory to allocate a new virtual
* mapping. 0 means there is enough memory for the allocation to
-diff -urpN linux-source-2.6.26.orig/security/Kconfig linux-source-2.6.26/security/Kconfig
---- linux-source-2.6.26.orig/security/Kconfig 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/security/Kconfig 2009-09-29 23:26:05.000000000 -0600
-@@ -101,28 +101,8 @@ config SECURITY_ROOTPLUG
-
- See <http://www.linuxjournal.com/article.php?sid=6279> for
- more information about this module.
--
-- If you are unsure how to answer this question, answer N.
--
--config SECURITY_DEFAULT_MMAP_MIN_ADDR
-- int "Low address space to protect from user allocation"
-- depends on SECURITY
-- default 0
-- help
-- This is the portion of low virtual memory which should be protected
-- from userspace allocation. Keeping a user from writing to low pages
-- can help reduce the impact of kernel NULL pointer bugs.
--
-- For most ia64, ppc64 and x86 users with lots of address space
-- a value of 65536 is reasonable and should cause no problems.
-- On arm and other archs it should not be higher than 32768.
-- Programs which use vm86 functionality would either need additional
-- permissions from either the LSM or the capabilities module or have
-- this protection disabled.
--
-- This value can be changed after boot using the
-- /proc/sys/vm/mmap_min_addr tunable.
-
-+ If you are unsure how to answer this question, answer N.
+diff -urpN linux-source-2.6.24.orig/security/Kconfig linux-source-2.6.24/security/Kconfig
+--- linux-source-2.6.24.orig/security/Kconfig 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/security/Kconfig 2010-01-31 17:43:00.000000000 -0700
+@@ -103,6 +103,7 @@ config SECURITY_ROOTPLUG
+
+ If you are unsure how to answer this question, answer N.
++
source security/selinux/Kconfig
- source security/smack/Kconfig
-diff -urpN linux-source-2.6.26.orig/security/security.c linux-source-2.6.26/security/security.c
---- linux-source-2.6.26.orig/security/security.c 2008-07-13 15:51:29.000000000 -0600
-+++ linux-source-2.6.26/security/security.c 2009-09-29 23:26:05.000000000 -0600
-@@ -26,9 +26,6 @@ extern void security_fixup_ops(struct se
+
+ endmenu
+diff -urpN linux-source-2.6.24.orig/security/security.c linux-source-2.6.24/security/security.c
+--- linux-source-2.6.24.orig/security/security.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/security/security.c 2010-01-31 17:42:23.000000000 -0700
+@@ -23,7 +23,6 @@ extern struct security_operations dummy_
+ extern void security_fixup_ops(struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */
+-unsigned long mmap_min_addr; /* 0 means no protection */
--/* amount of vm to protect from userspace access */
--unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
--
static inline int verify(struct security_operations *ops)
{
- /* verify the security_operations structure exists */
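Review bot: The prepended a5ecbcb8 header now describes adding `CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR` to security/Kconfig, but the folded 2.6.24 patch never introduces that option; its security/Kconfig hunk (`@@ -103,6 +103,7 @@ config SECURITY_ROOTPLUG`) adds only an empty line and the net effect on Kconfig is the new `DEFAULT_MMAP_MIN_ADDR` entry in mm/Kconfig. A line after the Debian attribution, `Folded with a5ecbcb8 for 2.6.24, which lacks CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR; the combined patch only adds mm/Kconfig DEFAULT_MMAP_MIN_ADDR`, would keep the two descriptions from misleading the next backporter. The empty-line-only hunk could then be dropped, unless the following `security-seperate-lsm-specific-mmap_min_addr.patch` relies on that blank line as context, in which case refresh that hunk too.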
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch Sun Jan 31 21:26:06 2010 (r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch Mon Feb 1 02:42:03 2010 (r15070)
@@ -14,14 +14,14 @@
Signed-off-by: Eric Paris <eparis at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/security/selinux/hooks.c linux-source-2.6.26/security/selinux/hooks.c
---- linux-source-2.6.26.orig/security/selinux/hooks.c 2009-08-18 23:15:14.000000000 -0600
-+++ linux-source-2.6.26/security/selinux/hooks.c 2009-09-29 23:38:01.000000000 -0600
-@@ -2945,9 +2945,21 @@ static int selinux_file_mmap(struct file
+diff -urpN linux-source-2.6.24.orig/security/selinux/hooks.c linux-source-2.6.24/security/selinux/hooks.c
+--- linux-source-2.6.24.orig/security/selinux/hooks.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/security/selinux/hooks.c 2010-01-31 17:47:06.000000000 -0700
+@@ -2602,9 +2602,21 @@ static int selinux_file_mmap(struct file
int rc = 0;
- u32 sid = ((struct task_security_struct *)(current->security))->sid;
+ u32 sid = ((struct task_security_struct*)(current->security))->sid;
- if (addr < mmap_min_addr)
+ /*
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 00:20:52 2010 (r15069)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 02:42:03 2010 (r15070)
@@ -1 +1,7 @@
+ bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch
++ bugfix/all/security-use-mmap_min_addr-independently-of-security-models.patch
++ bugfix/all/selinux-call-cap_file_mmap-in-selinux_file_mmap.patch
++ bugfix/all/capabilities-move-cap_file_mmap-to-commoncap.c.patch
++ bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch
++ bugfix/all/security-seperate-lsm-specific-mmap_min_addr-abi.patch
++ bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch