[kernel] r17981 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/features/all/vserver patches/series

Dann Frazier dannf at alioth.debian.org
Sun Aug 21 21:51:13 UTC 2011 

Author: dannf
Date: Sun Aug 21 21:51:11 2011
New Revision: 17981

Log:
proc: restrict access to /proc/PID/io (CVE-2011-2495)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/proc-restrict-access-to-proc-pid-io.patch
      - copied, changed from r17980, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-restrict-access-to-proc-pid-io.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny4

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Sun Aug 21 15:20:47 2011	(r17980)
+++ dists/lenny-security/linux-2.6/debian/changelog	Sun Aug 21 21:51:11 2011	(r17981)
@@ -4,6 +4,7 @@
   * Fix regression in fix for CVE-2011-1768 (Closes: #633738)
   * taskstats: don't allow duplicate entries in listener mode (CVE-2011-2484)
   * NLM: Don't hang forever on NLM unlock requests (CVE-2011-2491)
+  * proc: restrict access to /proc/PID/io (CVE-2011-2495)
 
   [ Moritz Muehlenhoff ]
   * ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)

Copied and modified: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/proc-restrict-access-to-proc-pid-io.patch (from r17980, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-restrict-access-to-proc-pid-io.patch)
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/proc-restrict-access-to-proc-pid-io.patch	Sun Aug 21 15:20:47 2011	(r17980, copy source)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/proc-restrict-access-to-proc-pid-io.patch	Sun Aug 21 21:51:11 2011	(r17981)
@@ -15,36 +15,28 @@
     
     Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
     Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+    [dannf: backported to Debian's 2.6.26]
 
 diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 8a84210..fc5bc27 100644
+index 3f20d5d..bce2890 100644
 --- a/fs/proc/base.c
 +++ b/fs/proc/base.c
-@@ -2708,6 +2708,9 @@ static int do_io_accounting(struct task_struct *task, char *buffer, int whole)
- 	struct task_io_accounting acct = task->ioac;
- 	unsigned long flags;
- 
-+	if (!ptrace_may_access(task, PTRACE_MODE_READ))
+@@ -2378,6 +2378,9 @@ static int proc_base_fill_cache(struct file *filp, void *dirent,
+ #ifdef CONFIG_TASK_IO_ACCOUNTING
+ static int proc_pid_io_accounting(struct task_struct *task, char *buffer)
+ {
++	if (!ptrace_may_attach(task))
 +		return -EACCES;
 +
- 	if (whole && lock_task_sighand(task, &flags)) {
- 		struct task_struct *t = task;
- 
-@@ -2839,7 +2842,7 @@ static const struct pid_entry tgid_base_stuff[] = {
- 	REG("coredump_filter", S_IRUGO|S_IWUSR, proc_coredump_filter_operations),
+ 	return sprintf(buffer,
+ #ifdef CONFIG_TASK_XACCT
+ 			"rchar: %llu\n"
+@@ -2470,7 +2473,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+ 	REG("coredump_filter", S_IRUGO|S_IWUSR, coredump_filter),
  #endif
  #ifdef CONFIG_TASK_IO_ACCOUNTING
--	INF("io",	S_IRUGO, proc_tgid_io_accounting),
-+	INF("io",	S_IRUSR, proc_tgid_io_accounting),
- #endif
- #ifdef CONFIG_HARDWALL
- 	INF("hardwall",   S_IRUGO, proc_pid_hardwall),
-@@ -3181,7 +3184,7 @@ static const struct pid_entry tid_base_stuff[] = {
- 	REG("make-it-fail", S_IRUGO|S_IWUSR, proc_fault_inject_operations),
+-	INF("io",	S_IRUGO, pid_io_accounting),
++	INF("io",	S_IRUSR, pid_io_accounting),
  #endif
- #ifdef CONFIG_TASK_IO_ACCOUNTING
--	INF("io",	S_IRUGO, proc_tid_io_accounting),
-+	INF("io",	S_IRUSR, proc_tid_io_accounting),
- #endif
- #ifdef CONFIG_HARDWALL
- 	INF("hardwall",   S_IRUGO, proc_pid_hardwall),
+ };
+ 

Modified: dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch	Sun Aug 21 15:20:47 2011	(r17980)
+++ dists/lenny-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.35.patch	Sun Aug 21 21:51:11 2011	(r17981)
@@ -6961,7 +6961,7 @@
  #ifdef CONFIG_AUDITSYSCALL
 @@ -2471,6 +2487,7 @@ static const struct pid_entry tgid_base_
  #ifdef CONFIG_TASK_IO_ACCOUNTING
- 	INF("io",	S_IRUGO, pid_io_accounting),
+ 	INF("io",	S_IRUSR, pid_io_accounting),
  #endif
 +	ONE("nsproxy",	S_IRUGO, pid_nsproxy),
  };

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny4
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny4	Sun Aug 21 15:20:47 2011	(r17980)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny4	Sun Aug 21 21:51:11 2011	(r17981)
@@ -6,3 +6,4 @@
 + bugfix/all/taskstats-don-t-allow-duplicate-entries-in-listener-mode.patch
 + bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch
 + debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch
++ bugfix/all/proc-restrict-access-to-proc-pid-io.patch

More information about the Kernel-svn-changes mailing list