[kernel] r18151 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/features/all/rt patches/series

Ben Hutchings benh at alioth.debian.org
Wed Oct 5 14:14:36 UTC 2011


Author: benh
Date: Wed Oct  5 14:14:35 2011
New Revision: 18151

Log:
Make taskstats require root access (CVE-2011-2494)

We want this fix everywhere, not just in rt!

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/Make-TASKSTATS-require-root-access.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/features/all/rt/patch-3.0.6-rt16.patch
   dists/sid/linux-2.6/debian/patches/series/5

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Wed Oct  5 09:10:16 2011	(r18150)
+++ dists/sid/linux-2.6/debian/changelog	Wed Oct  5 14:14:35 2011	(r18151)
@@ -55,6 +55,7 @@
     For the complete list of changes, see:
      http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.5
      http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.6
+  * Make taskstats require root access (CVE-2011-2494)
 
   [ Uwe Kleine-König ]
   * [amd64] Update rt featureset to 3.0.6-rt16 (Closes: #643301)

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/Make-TASKSTATS-require-root-access.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/Make-TASKSTATS-require-root-access.patch	Wed Oct  5 14:14:35 2011	(r18151)
@@ -0,0 +1,37 @@
+From: Linus Torvalds <torvalds at linux-foundation.org>
+Date: Mon, 19 Sep 2011 17:04:37 -0700
+Subject: [PATCH] Make TASKSTATS require root access
+
+commit 1a51410abe7d0ee4b1d112780f46df87d3621043 upstream.
+
+Ok, this isn't optimal, since it means that 'iotop' needs admin
+capabilities, and we may have to work on this some more.  But at the
+same time it is very much not acceptable to let anybody just read
+anybody elses IO statistics quite at this level.
+
+Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
+to checking the capabilities by hand.
+
+Reported-by: Vasiliy Kulikov <segoon at openwall.com>
+Cc: Johannes Berg <johannes.berg at intel.com>
+Acked-by: Balbir Singh <bsingharora at gmail.com>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+ kernel/taskstats.c |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/kernel/taskstats.c b/kernel/taskstats.c
+index e19ce14..e660464 100644
+--- a/kernel/taskstats.c
++++ b/kernel/taskstats.c
+@@ -655,6 +655,7 @@ static struct genl_ops taskstats_ops = {
+ 	.cmd		= TASKSTATS_CMD_GET,
+ 	.doit		= taskstats_user_cmd,
+ 	.policy		= taskstats_cmd_get_policy,
++	.flags		= GENL_ADMIN_PERM,
+ };
+ 
+ static struct genl_ops cgroupstats_ops = {
+-- 
+1.7.6.3
+
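Review bot: The added `.flags = GENL_ADMIN_PERM,` line in `taskstats_ops` has no comment, and the patch title and changelog entry say "root access" although generic netlink enforces this flag as a CAP_NET_ADMIN capability check rather than a uid 0 test. A one-line comment above the field would keep the reason and the real privilege boundary visible to later maintainers, for example `/* CAP_NET_ADMIN only: per-task I/O stats expose other users' activity (CVE-2011-2494) */`. The trailing context shows `cgroupstats_ops` starting right after this initializer, and its body lies outside the hunk. Whether that operation needs the same restriction cannot be judged from here and is worth confirming against the full file.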

Modified: dists/sid/linux-2.6/debian/patches/features/all/rt/patch-3.0.6-rt16.patch
==============================================================================
--- dists/sid/linux-2.6/debian/patches/features/all/rt/patch-3.0.6-rt16.patch	Wed Oct  5 09:10:16 2011	(r18150)
+++ dists/sid/linux-2.6/debian/patches/features/all/rt/patch-3.0.6-rt16.patch	Wed Oct  5 14:14:35 2011	(r18151)
@@ -1,3 +1,6 @@
+[bwh: Dropped fix to kernel/taskstats.c applied separately in
+ bugfix/all/Make-TASKSTATS-require-root-access.patch]
+
 Index: linux-2.6/mm/memory.c
 ===================================================================
 --- linux-2.6.orig/mm/memory.c
@@ -1228,18 +1231,6 @@
  	inc_irq_stat(x86_platform_ipis);
  
  	if (x86_platform_ipi_callback)
-Index: linux-2.6/kernel/taskstats.c
-===================================================================
---- linux-2.6.orig/kernel/taskstats.c
-+++ linux-2.6/kernel/taskstats.c
-@@ -657,6 +657,7 @@ static struct genl_ops taskstats_ops = {
- 	.cmd		= TASKSTATS_CMD_GET,
- 	.doit		= taskstats_user_cmd,
- 	.policy		= taskstats_cmd_get_policy,
-+	.flags		= GENL_ADMIN_PERM,
- };
- 
- static struct genl_ops cgroupstats_ops = {
 Index: linux-2.6/kernel/trace/ftrace.c
 ===================================================================
 --- linux-2.6.orig/kernel/trace/ftrace.c

Modified: dists/sid/linux-2.6/debian/patches/series/5
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/5	Wed Oct  5 09:10:16 2011	(r18150)
+++ dists/sid/linux-2.6/debian/patches/series/5	Wed Oct  5 14:14:35 2011	(r18151)
@@ -7,3 +7,5 @@
 - bugfix/all/netfilter-TCP-and-raw-fix-for-ip_route_me_harder.patch
 + bugfix/all/stable/3.0.5.patch
 + bugfix/all/stable/3.0.6.patch
+
++ bugfix/all/Make-TASKSTATS-require-root-access.patch


