[kernel] r15857 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Sat Jun 12 00:28:50 UTC 2010 

Author: dannf
Date: Sat Jun 12 00:28:49 2010
New Revision: 15857

Log:
GFS2: Fix permissions checking for setflags ioctl() (CVE-2010-1641)

Added:
   dists/lenny/linux-2.6/debian/patches/bugfix/all/gfs2-fix-perm-checking-for-setflags-ioctl.patch
Modified:
   dists/lenny/linux-2.6/debian/changelog
   dists/lenny/linux-2.6/debian/patches/series/23

Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog	Sat Jun 12 00:04:17 2010	(r15856)
+++ dists/lenny/linux-2.6/debian/changelog	Sat Jun 12 00:28:49 2010	(r15857)
@@ -6,7 +6,8 @@
   * sctp: fix append error cause to ERROR chunk correctly
     (a further fix for CVE-2010-1173)
   * nsfd: fix vm overcommit crash (CVE-2010-1643)
-
+  * GFS2: Fix permissions checking for setflags ioctl() (CVE-2010-1641)
+  
   [ Ben Hutchings ]
   * [sparc64] Fix definition of VMEMMAP_SIZE (Closes: #509202)
   * megaraid_sas: Version and documentation update (Closes: #547183)

Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/gfs2-fix-perm-checking-for-setflags-ioctl.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/gfs2-fix-perm-checking-for-setflags-ioctl.patch	Sat Jun 12 00:28:49 2010	(r15857)
@@ -0,0 +1,30 @@
+commit c45d8fc758a7b3bcf3dac1897e0070ae7e484cf2
+Author: Steven Whitehouse <swhiteho at redhat.com>
+Date:   Mon May 24 14:36:48 2010 +0100
+
+    GFS2: Fix permissions checking for setflags ioctl()
+    
+    We should be checking for the ownership of the file for which
+    flags are being set, rather than just for write access.
+    
+    [Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>]
+    
+    Reported-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+    Signed-off-by: Steven Whitehouse <swhiteho at redhat.com>
+
+diff --git a/fs/gfs2/ops_file.c b/fs/gfs2/ops_file.c
+index 34cc876..4d7b436 100644
+--- a/fs/gfs2/ops_file.c
++++ b/fs/gfs2/ops_file.c
+@@ -224,6 +224,11 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask)
+ 	if (error)
+ 		return error;
+ 
++	error = -EACCESS;
++	if (!is_owner_or_cap(inode))
++		goto out;
++
++	error = 0;
+ 	flags = ip->i_di.di_flags;
+ 	new_flags = (flags & ~mask) | (reqflags & mask);
+ 	if ((new_flags ^ flags) == 0)

Modified: dists/lenny/linux-2.6/debian/patches/series/23
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/23	Sat Jun 12 00:04:17 2010	(r15856)
+++ dists/lenny/linux-2.6/debian/patches/series/23	Sat Jun 12 00:28:49 2010	(r15857)
@@ -15,3 +15,4 @@
 + bugfix/all/sctp-fix-append-error-cause-to-ERROR-chunk-correctly.patch
 + bugfix/all/nfsd-fix-vm-overcommit-crash.patch
 + bugfix/all/nfsd-fix-vm-overcommit-crash-2.patch
++ bugfix/all/gfs2-fix-perm-checking-for-setflags-ioctl.patch

More information about the Kernel-svn-changes mailing list