[kernel] r18976 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/features/all/vserver patches/series
Dann Frazier
dannf at alioth.debian.org
Fri May 4 05:53:42 UTC 2012
Author: dannf
Date: Fri May 4 05:53:39 2012
New Revision: 18976
Log:
fcaps: clear the same personality flags as suid when fcaps are used
(CVE-2012-2123)
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/security-fix-compile-error-in-commoncap.c.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.36.29.8.patch
dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze3
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Fri May 4 04:32:41 2012 (r18975)
+++ dists/squeeze-security/linux-2.6/debian/changelog Fri May 4 05:53:39 2012 (r18976)
@@ -6,6 +6,8 @@
* KVM: Ensure all vcpus are consistent with in-kernel irqchip settings
(CVE-2012-1601)
* hugepages: fix use after free bug in "quota" handling (CVE-2012-2133)
+ * fcaps: clear the same personality flags as suid when fcaps are used
+ (CVE-2012-2123)
-- dann frazier <dannf at debian.org> Thu, 26 Apr 2012 23:29:43 -0600
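Review bot: the new changelog entry at the `+ * fcaps: clear the same personality flags ...` line names only the CVE-2012-2123 fix, while this revision also adds security-fix-compile-error-in-commoncap.c.patch and refreshes the vserver patch. Mention both in the entry, for example as a sub-item under the fcaps line, so the changelog accounts for every file touched in r18976.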
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch Fri May 4 05:53:39 2012 (r18976)
@@ -0,0 +1,32 @@
+commit d52fc5dde171f030170a6cb78034d166b13c9445
+Author: Eric Paris <eparis at redhat.com>
+Date: Tue Apr 17 16:26:54 2012 -0400
+
+ fcaps: clear the same personality flags as suid when fcaps are used
+
+ If a process increases permissions using fcaps all of the dangerous
+ personality flags which are cleared for suid apps should also be cleared.
+ Thus programs given priviledge with fcaps will continue to have address space
+ randomization enabled even if the parent tried to disable it to make it
+ easier to attack.
+
+ Signed-off-by: Eric Paris <eparis at redhat.com>
+ Reviewed-by: Serge Hallyn <serge.hallyn at canonical.com>
+ Signed-off-by: James Morris <james.l.morris at oracle.com>
+
+diff --git a/security/commoncap.c b/security/commoncap.c
+index 0cf4b53..0ecf4ba 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -505,6 +505,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
+ }
+ skip:
+
++ /* if we have fs caps, clear dangerous personality flags */
++ if (!cap_issubset(new->cap_permitted, old->cap_permitted))
++ bprm->per_clear |= PER_CLEAR_ON_SETID;
++
++
+ /* Don't let someone trace a set[ug]id/setpcap binary with the revised
+ * credentials unless they have the appropriate permit
+ */
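Review bot: the comment `/* if we have fs caps, clear dangerous personality flags */` above the new check after `skip:` does not match the condition it documents. `!cap_issubset(new->cap_permitted, old->cap_permitted)` is true whenever the exec leaves the process with a permitted capability it did not hold before, not specifically when the file carries capabilities, so the comment should say "if the exec gains permitted capabilities" or similar. The hunk also adds two consecutive blank lines after the `bprm->per_clear |= PER_CLEAR_ON_SETID;` assignment; one is enough.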
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/security-fix-compile-error-in-commoncap.c.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/security-fix-compile-error-in-commoncap.c.patch Fri May 4 05:53:39 2012 (r18976)
@@ -0,0 +1,29 @@
+commit 51b79bee627d526199b2f6a6bef8ee0c0739b6d1
+Author: Jonghwan Choi <jhbird.choi at samsung.com>
+Date: Wed Apr 18 17:23:04 2012 -0400
+
+ security: fix compile error in commoncap.c
+
+ Add missing "personality.h"
+ security/commoncap.c: In function 'cap_bprm_set_creds':
+ security/commoncap.c:510: error: 'PER_CLEAR_ON_SETID' undeclared (first use in this function)
+ security/commoncap.c:510: error: (Each undeclared identifier is reported only once
+ security/commoncap.c:510: error: for each function it appears in.)
+
+ Signed-off-by: Jonghwan Choi <jhbird.choi at samsung.com>
+ Acked-by: Serge Hallyn <serge.hallyn at canonical.com>
+ Signed-off-by: James Morris <james.l.morris at oracle.com>
+ [dannf: adjusted to apply to Debian's 2.6.32]
+
+diff --git a/security/commoncap.c b/security/commoncap.c
+index ddc07e0..625cf12 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -27,6 +27,7 @@
+ #include <linux/sched.h>
+ #include <linux/prctl.h>
+ #include <linux/securebits.h>
++#include <linux/personality.h>
+
+ /*
+ * If a non-root user executes a setuid-root binary in
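Review bot: the `[dannf: adjusted to apply to Debian's 2.6.32]` line in the message does not say what was adjusted, and the diff under it is still the one-line `#include <linux/personality.h>` addition; state what changed (context, offsets) so the delta from commit 51b79bee627d526199b2f6a6bef8ee0c0739b6d1 can be reviewed. This patch exists only to declare `PER_CLEAR_ON_SETID` for the fcaps patch added in the same revision, and the quoted error at commoncap.c:510 shows the tree can fail to build with only the first of the two applied, so folding the include into the fcaps patch would keep every step of the series buildable.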
Modified: dists/squeeze-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.36.29.8.patch
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.36.29.8.patch Fri May 4 04:32:41 2012 (r18975)
+++ dists/squeeze-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.36.29.8.patch Fri May 4 05:53:39 2012 (r18976)
@@ -28257,10 +28257,10 @@
--- a/security/commoncap.c 2009-12-03 20:03:02.000000000 +0100
+++ a/security/commoncap.c 2011-06-10 13:03:02.000000000 +0200
-@@ -27,6 +27,7 @@
- #include <linux/sched.h>
+@@ -28,6 +28,7 @@
#include <linux/prctl.h>
#include <linux/securebits.h>
+ #include <linux/personality.h>
+#include <linux/vs_context.h>
/*
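Review bot: the refreshed hunk header `@@ -28,6 +28,7 @@` now carries `#include <linux/personality.h>` as a context line, so vs2.3.0.36.29.8.patch applies only on top of security-fix-compile-error-in-commoncap.c.patch. Record that ordering dependency in the changelog entry, and confirm the vserver featureset still applies and builds against the updated series.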
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze3
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze3 Fri May 4 04:32:41 2012 (r18975)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze3 Fri May 4 05:53:39 2012 (r18976)
@@ -3,3 +3,5 @@
+ bugfix/x86/KVM-disallow-multiple-KVM_CREATE_IRQCHIP.patch
+ bugfix/x86/KVM-Ensure-all-vcpus-are-consistent-with-in-kernel-irqchip-settings.patch
+ bugfix/all/hugepages-fix-use-after-free-bug-in-quota-handling.patch
++ bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch
++ bugfix/all/security-fix-compile-error-in-commoncap.c.patch