[kernel] r15261 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Feb 23 00:36:45 UTC 2010
Author: dannf
Date: Tue Feb 23 00:36:42 2010
New Revision: 15261
Log:
Replace fix for CVE-2009-2691 w/ upstreamed version
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/mm_for_maps-shift-down_read-to-caller.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/mm_for_maps-simplify-use-ptrace_may_access.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch3
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Tue Feb 23 00:22:25 2010 (r15260)
+++ dists/etch-security/linux-2.6.24/debian/changelog Tue Feb 23 00:36:42 2010 (r15261)
@@ -3,6 +3,7 @@
* Fix a patch offset issue that resulted in a build failure when
CONFIG_SECURITY=n (this is only true for powerpc).
* Build fix for CVE-2010-0291 change on powerpc64
+ * Replace fix for CVE-2009-2691 w/ upstreamed version
-- dann frazier <dannf at debian.org> Fri, 19 Feb 2010 18:16:36 -0700
Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/mm_for_maps-shift-down_read-to-caller.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/mm_for_maps-shift-down_read-to-caller.patch Tue Feb 23 00:36:42 2010 (r15261)
@@ -0,0 +1,49 @@
+diff -urpN linux-source-2.6.24.orig/fs/proc/base.c linux-source-2.6.24/fs/proc/base.c
+--- linux-source-2.6.24.orig/fs/proc/base.c 2010-02-22 17:31:39.000000000 -0700
++++ linux-source-2.6.24/fs/proc/base.c 2010-02-22 17:32:37.000000000 -0700
+@@ -205,9 +205,8 @@ static int proc_root_link(struct inode *
+ struct mm_struct *mm_for_maps(struct task_struct *task)
+ {
+ struct mm_struct *mm = get_task_mm(task);
+- if (!mm)
+- return NULL;
+- if (mm != current->mm) {
++
++ if (mm && mm != current->mm) {
+ /*
+ * task->mm can be changed before security check,
+ * in that case we must notice the change after.
+@@ -215,10 +214,9 @@ struct mm_struct *mm_for_maps(struct tas
+ if (!ptrace_may_attach(task) ||
+ mm != task->mm) {
+ mmput(mm);
+- return NULL;
++ mm = NULL;
+ }
+ }
+- down_read(&mm->mmap_sem);
+ return mm;
+ }
+
+diff -urpN linux-source-2.6.24.orig/fs/proc/task_mmu.c linux-source-2.6.24/fs/proc/task_mmu.c
+--- linux-source-2.6.24.orig/fs/proc/task_mmu.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/fs/proc/task_mmu.c 2010-02-22 17:32:37.000000000 -0700
+@@ -392,6 +392,7 @@ static void *m_start(struct seq_file *m,
+
+ if (last_addr == -1UL)
+ return NULL;
++ down_read(&mm->mmap_sem);
+
+ priv->task = get_pid_task(priv->pid, PIDTYPE_PID);
+ if (!priv->task)
+diff -urpN linux-source-2.6.24.orig/fs/proc/task_nommu.c linux-source-2.6.24/fs/proc/task_nommu.c
+--- linux-source-2.6.24.orig/fs/proc/task_nommu.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/fs/proc/task_nommu.c 2010-02-22 17:32:37.000000000 -0700
+@@ -171,6 +171,7 @@ static void *m_start(struct seq_file *m,
+ priv->task = NULL;
+ return NULL;
+ }
++ down_read(&mm->mmap_sem);
+
+ /* start from the Nth VMA */
+ for (vml = mm->context.vmlist; vml; vml = vml->next)
Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/mm_for_maps-simplify-use-ptrace_may_access.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/mm_for_maps-simplify-use-ptrace_may_access.patch Tue Feb 23 00:36:42 2010 (r15261)
@@ -0,0 +1,34 @@
+diff -urpN linux-source-2.6.24.orig/fs/proc/base.c linux-source-2.6.24/fs/proc/base.c
+--- linux-source-2.6.24.orig/fs/proc/base.c 2010-02-22 17:31:00.000000000 -0700
++++ linux-source-2.6.24/fs/proc/base.c 2010-02-22 17:31:39.000000000 -0700
+@@ -207,19 +207,19 @@ struct mm_struct *mm_for_maps(struct tas
+ struct mm_struct *mm = get_task_mm(task);
+ if (!mm)
+ return NULL;
++ if (mm != current->mm) {
++ /*
++ * task->mm can be changed before security check,
++ * in that case we must notice the change after.
++ */
++ if (!ptrace_may_attach(task) ||
++ mm != task->mm) {
++ mmput(mm);
++ return NULL;
++ }
++ }
+ down_read(&mm->mmap_sem);
+- task_lock(task);
+- if (task->mm != mm)
+- goto out;
+- if (task->mm != current->mm && __ptrace_may_attach(task) < 0)
+- goto out;
+- task_unlock(task);
+ return mm;
+-out:
+- task_unlock(task);
+- up_read(&mm->mmap_sem);
+- mmput(mm);
+- return NULL;
+ }
+
+ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch3
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch3 Tue Feb 23 00:22:25 2010 (r15260)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch3 Tue Feb 23 00:36:42 2010 (r15261)
@@ -1,2 +1,5 @@
+ bugfix/all/security-mmap-fix-patch-offset.patch
+ bugfix/all/untangle-the-do_mremap-mess-ppc64-fix.patch
+- bugfix/all/maps-visible-during-initial-setuid-ELF-loading.patch
++ bugfix/all/mm_for_maps-simplify-use-ptrace_may_access.patch
++ bugfix/all/mm_for_maps-shift-down_read-to-caller.patch
More information about the Kernel-svn-changes
mailing list