[kernel] r15062 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sat Jan 30 00:10:38 UTC 2010
Author: dannf
Date: Sat Jan 30 00:10:25 2010
New Revision: 15062
Log:
[SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable
permissions (CVE-2009-3939)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/megaraid_sas-remove-sysfs-poll_mode_io-world-writeable-perms.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/21lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Fri Jan 29 00:31:47 2010 (r15061)
+++ dists/lenny-security/linux-2.6/debian/changelog Sat Jan 30 00:10:25 2010 (r15062)
@@ -5,6 +5,8 @@
* e1000: enhance frame fragment detection (CVE-2009-4536)
* e1000e: enhance frame fragment detection (CVE-2009-4538)
* Fix several issues with mmap/mremap (CVE-2010-0291)
+ * [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable
+ permissions (CVE-2009-3939)
[ Ben Hutchings ]
* kernel/signal.c: fix kernel information leak with print-fatal-signals=1
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/megaraid_sas-remove-sysfs-poll_mode_io-world-writeable-perms.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/megaraid_sas-remove-sysfs-poll_mode_io-world-writeable-perms.patch Sat Jan 30 00:10:25 2010 (r15062)
@@ -0,0 +1,30 @@
+commit bb7d3f24c71e528989501617651b669fbed798cb
+Author: Bryn M. Reeves <bmr at redhat.com>
+Date: Thu Nov 12 18:31:54 2009 +0000
+
+ [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable permissions
+
+ /sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being
+ world-writable, which seems bad (letting any user affect kernel driver
+ behavior).
+
+ This turns off group and user write permissions, so that on typical
+ production systems only root can write to it.
+
+ Signed-off-by: Bryn M. Reeves <bmr at redhat.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/drivers/scsi/megaraid/megaraid_sas.c linux-source-2.6.26/drivers/scsi/megaraid/megaraid_sas.c
+--- linux-source-2.6.26.orig/drivers/scsi/megaraid/megaraid_sas.c 2009-12-26 01:14:58.000000000 -0700
++++ linux-source-2.6.26/drivers/scsi/megaraid/megaraid_sas.c 2010-01-29 16:58:48.000000000 -0700
+@@ -3347,7 +3347,7 @@ out:
+ return retval;
+ }
+
+-static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUGO,
++static DRIVER_ATTR(poll_mode_io, S_IRUGO|S_IWUSR,
+ megasas_sysfs_show_poll_mode_io,
+ megasas_sysfs_set_poll_mode_io);
+
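Review bot: The commit message carried in this patch says the change "turns off group and user write permissions", but the one-line change to DRIVER_ATTR(poll_mode_io, ...) replaces S_IWUGO with S_IWUSR, which removes write access for group and other and keeps it for the owner (mode 0644 instead of 0666). Since upstream's text is quoted as-is, the "Adjusted to apply to Debian's 2.6.26" line is the place to note that "group and other" is what is meant, and to say what the adjustment consisted of (for example, context or line offsets only). The store handler megasas_sysfs_set_poll_mode_io is not part of this hunk, so the file mode is the only access control visible here; its input handling deserves a separate check, since root-only write is now the sole gate on it.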
Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny1 Fri Jan 29 00:31:47 2010 (r15061)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny1 Sat Jan 30 00:10:25 2010 (r15062)
@@ -4,3 +4,4 @@
+ bugfix/all/e1000-enhance-frame-fragment-detection.patch
+ bugfix/all/e1000e-enhance-frame-fragment-detection.patch
+ bugfix/all/untangle-the-do_mremap-mess.patch
++ bugfix/all/megaraid_sas-remove-sysfs-poll_mode_io-world-writeable-perms.patch