[kernel] r18976 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/features/all/vserver patches/series

Dann Frazier dannf at alioth.debian.org
Fri May 4 05:53:42 UTC 2012


Author: dannf
Date: Fri May  4 05:53:39 2012
New Revision: 18976

Log:
fcaps: clear the same personality flags as suid when fcaps are used
(CVE-2012-2123)

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/security-fix-compile-error-in-commoncap.c.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.36.29.8.patch
   dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze3

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog	Fri May  4 04:32:41 2012	(r18975)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Fri May  4 05:53:39 2012	(r18976)
@@ -6,6 +6,8 @@
   * KVM: Ensure all vcpus are consistent with in-kernel irqchip settings
     (CVE-2012-1601)
   * hugepages: fix use after free bug in "quota" handling (CVE-2012-2133)
+  * fcaps: clear the same personality flags as suid when fcaps are used
+    (CVE-2012-2123)
 
  -- dann frazier <dannf at debian.org>  Thu, 26 Apr 2012 23:29:43 -0600
 

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch	Fri May  4 05:53:39 2012	(r18976)
@@ -0,0 +1,32 @@
+commit d52fc5dde171f030170a6cb78034d166b13c9445
+Author: Eric Paris <eparis at redhat.com>
+Date:   Tue Apr 17 16:26:54 2012 -0400
+
+    fcaps: clear the same personality flags as suid when fcaps are used
+    
+    If a process increases permissions using fcaps all of the dangerous
+    personality flags which are cleared for suid apps should also be cleared.
+    Thus programs given priviledge with fcaps will continue to have address space
+    randomization enabled even if the parent tried to disable it to make it
+    easier to attack.
+    
+    Signed-off-by: Eric Paris <eparis at redhat.com>
+    Reviewed-by: Serge Hallyn <serge.hallyn at canonical.com>
+    Signed-off-by: James Morris <james.l.morris at oracle.com>
+
+diff --git a/security/commoncap.c b/security/commoncap.c
+index 0cf4b53..0ecf4ba 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -505,6 +505,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
+ 	}
+ skip:
+ 
++	/* if we have fs caps, clear dangerous personality flags */
++	if (!cap_issubset(new->cap_permitted, old->cap_permitted))
++		bprm->per_clear |= PER_CLEAR_ON_SETID;
++
++
+ 	/* Don't let someone trace a set[ug]id/setpcap binary with the revised
+ 	 * credentials unless they have the appropriate permit
+ 	 */
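
Review bot: the comment on the added check in cap_bprm_set_creds() says "if we have fs caps", but the condition !cap_issubset(new->cap_permitted, old->cap_permitted) tests whether the new permitted set holds a capability the old one lacked, whatever granted it. Reword the comment to match the test, for example "if permitted capabilities were gained, clear dangerous personality flags". The hunk also adds two consecutive blank lines after the assignment where one is enough. PER_CLEAR_ON_SETID is used here without an include of linux/personality.h in this patch, so it has to ship together with the follow-up compile fix.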

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/security-fix-compile-error-in-commoncap.c.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/security-fix-compile-error-in-commoncap.c.patch	Fri May  4 05:53:39 2012	(r18976)
@@ -0,0 +1,29 @@
+commit 51b79bee627d526199b2f6a6bef8ee0c0739b6d1
+Author: Jonghwan Choi <jhbird.choi at samsung.com>
+Date:   Wed Apr 18 17:23:04 2012 -0400
+
+    security: fix compile error in commoncap.c
+    
+    Add missing "personality.h"
+    security/commoncap.c: In function 'cap_bprm_set_creds':
+    security/commoncap.c:510: error: 'PER_CLEAR_ON_SETID' undeclared (first use in this function)
+    security/commoncap.c:510: error: (Each undeclared identifier is reported only once
+    security/commoncap.c:510: error: for each function it appears in.)
+    
+    Signed-off-by: Jonghwan Choi <jhbird.choi at samsung.com>
+    Acked-by: Serge Hallyn <serge.hallyn at canonical.com>
+    Signed-off-by: James Morris <james.l.morris at oracle.com>
+    [dannf: adjusted to apply to Debian's 2.6.32]
+
+diff --git a/security/commoncap.c b/security/commoncap.c
+index ddc07e0..625cf12 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -27,6 +27,7 @@
+ #include <linux/sched.h>
+ #include <linux/prctl.h>
+ #include <linux/securebits.h>
++#include <linux/personality.h>
+ 
+ /*
+  * If a non-root user executes a setuid-root binary in
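
Review bot: the "[dannf: adjusted to apply to Debian's 2.6.32]" line in the header does not say what was adjusted relative to upstream commit 51b79bee627d526199b2f6a6bef8ee0c0739b6d1. State whether only the context lines of the include block differ or whether the added line itself moved, so a later refresh can be checked against upstream. The index line ddc07e0..625cf12 is carried over from the upstream commit and will not match blobs in the Debian tree; that is harmless for applying the patch but worth knowing when comparing.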

Modified: dists/squeeze-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.36.29.8.patch
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.36.29.8.patch	Fri May  4 04:32:41 2012	(r18975)
+++ dists/squeeze-security/linux-2.6/debian/patches/features/all/vserver/vs2.3.0.36.29.8.patch	Fri May  4 05:53:39 2012	(r18976)
@@ -28257,10 +28257,10 @@
  
 --- a/security/commoncap.c	2009-12-03 20:03:02.000000000 +0100
 +++ a/security/commoncap.c	2011-06-10 13:03:02.000000000 +0200
-@@ -27,6 +27,7 @@
- #include <linux/sched.h>
+@@ -28,6 +28,7 @@
  #include <linux/prctl.h>
  #include <linux/securebits.h>
+ #include <linux/personality.h>
 +#include <linux/vs_context.h>
  
  /*
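
Review bot: the refreshed context in this hunk now contains "#include <linux/personality.h>", so the vserver featureset patch only applies on a tree that already has bugfix/all/security-fix-compile-error-in-commoncap.c.patch. That dependency is not recorded anywhere in this commit: the debian/changelog hunk adds only the CVE-2012-2123 entry. Add a changelog line for the vserver patch refresh so the coupling is visible if the bugfix patch is ever dropped or reordered.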

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze3
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze3	Fri May  4 04:32:41 2012	(r18975)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/41squeeze3	Fri May  4 05:53:39 2012	(r18976)
@@ -3,3 +3,5 @@
 + bugfix/x86/KVM-disallow-multiple-KVM_CREATE_IRQCHIP.patch
 + bugfix/x86/KVM-Ensure-all-vcpus-are-consistent-with-in-kernel-irqchip-settings.patch
 + bugfix/all/hugepages-fix-use-after-free-bug-in-quota-handling.patch
++ bugfix/all/fcaps-clear-the-same-personality-flags-as-suid-when-fcaps-are-used.patch
++ bugfix/all/security-fix-compile-error-in-commoncap.c.patch
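
Review bot: the two added series entries put the fcaps patch before the patch that adds the linux/personality.h include, so a tree with only the first of them applied fails to build with the 'PER_CLEAR_ON_SETID' undeclared error quoted in the second patch's own commit message. Both land in the same series file, so the final tree is fine, but consider folding the include into the fcaps patch or noting next to these entries that they must stay adjacent and in this order.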


