[kernel] r18151 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/features/all/rt patches/series
Ben Hutchings
benh at alioth.debian.org
Wed Oct 5 14:14:36 UTC 2011
Author: benh
Date: Wed Oct 5 14:14:35 2011
New Revision: 18151
Log:
Make taskstats require root access (CVE-2011-2494)
We want this fix everywhere, not just in rt!
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/Make-TASKSTATS-require-root-access.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/features/all/rt/patch-3.0.6-rt16.patch
dists/sid/linux-2.6/debian/patches/series/5
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Wed Oct 5 09:10:16 2011 (r18150)
+++ dists/sid/linux-2.6/debian/changelog Wed Oct 5 14:14:35 2011 (r18151)
@@ -55,6 +55,7 @@
For the complete list of changes, see:
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.5
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.6
+ * Make taskstats require root access (CVE-2011-2494)
[ Uwe Kleine-König ]
* [amd64] Update rt featureset to 3.0.6-rt16 (Closes: #643301)
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/Make-TASKSTATS-require-root-access.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/Make-TASKSTATS-require-root-access.patch Wed Oct 5 14:14:35 2011 (r18151)
@@ -0,0 +1,37 @@
+From: Linus Torvalds <torvalds at linux-foundation.org>
+Date: Mon, 19 Sep 2011 17:04:37 -0700
+Subject: [PATCH] Make TASKSTATS require root access
+
+commit 1a51410abe7d0ee4b1d112780f46df87d3621043 upstream.
+
+Ok, this isn't optimal, since it means that 'iotop' needs admin
+capabilities, and we may have to work on this some more. But at the
+same time it is very much not acceptable to let anybody just read
+anybody elses IO statistics quite at this level.
+
+Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
+to checking the capabilities by hand.
+
+Reported-by: Vasiliy Kulikov <segoon at openwall.com>
+Cc: Johannes Berg <johannes.berg at intel.com>
+Acked-by: Balbir Singh <bsingharora at gmail.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+ kernel/taskstats.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/kernel/taskstats.c b/kernel/taskstats.c
+index e19ce14..e660464 100644
+--- a/kernel/taskstats.c
++++ b/kernel/taskstats.c
+@@ -655,6 +655,7 @@ static struct genl_ops taskstats_ops = {
+ .cmd = TASKSTATS_CMD_GET,
+ .doit = taskstats_user_cmd,
+ .policy = taskstats_cmd_get_policy,
++ .flags = GENL_ADMIN_PERM,
+ };
+
+ static struct genl_ops cgroupstats_ops = {
+--
+1.7.6.3
+
Modified: dists/sid/linux-2.6/debian/patches/features/all/rt/patch-3.0.6-rt16.patch
==============================================================================
--- dists/sid/linux-2.6/debian/patches/features/all/rt/patch-3.0.6-rt16.patch Wed Oct 5 09:10:16 2011 (r18150)
+++ dists/sid/linux-2.6/debian/patches/features/all/rt/patch-3.0.6-rt16.patch Wed Oct 5 14:14:35 2011 (r18151)
@@ -1,3 +1,6 @@
+[bwh: Dropped fix to kernel/taskstats.c applied separately in
+ bugfix/all/Make-TASKSTATS-require-root-access.patch]
+
Index: linux-2.6/mm/memory.c
===================================================================
--- linux-2.6.orig/mm/memory.c
@@ -1228,18 +1231,6 @@
inc_irq_stat(x86_platform_ipis);
if (x86_platform_ipi_callback)
-Index: linux-2.6/kernel/taskstats.c
-===================================================================
---- linux-2.6.orig/kernel/taskstats.c
-+++ linux-2.6/kernel/taskstats.c
-@@ -657,6 +657,7 @@ static struct genl_ops taskstats_ops = {
- .cmd = TASKSTATS_CMD_GET,
- .doit = taskstats_user_cmd,
- .policy = taskstats_cmd_get_policy,
-+ .flags = GENL_ADMIN_PERM,
- };
-
- static struct genl_ops cgroupstats_ops = {
Index: linux-2.6/kernel/trace/ftrace.c
===================================================================
--- linux-2.6.orig/kernel/trace/ftrace.c
Modified: dists/sid/linux-2.6/debian/patches/series/5
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/5 Wed Oct 5 09:10:16 2011 (r18150)
+++ dists/sid/linux-2.6/debian/patches/series/5 Wed Oct 5 14:14:35 2011 (r18151)
@@ -7,3 +7,5 @@
- bugfix/all/netfilter-TCP-and-raw-fix-for-ip_route_me_harder.patch
+ bugfix/all/stable/3.0.5.patch
+ bugfix/all/stable/3.0.6.patch
+
++ bugfix/all/Make-TASKSTATS-require-root-access.patch
More information about the Kernel-svn-changes
mailing list