[kernel] r19807 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/x86 patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Feb 14 07:02:30 UTC 2013
Author: dannf
Date: Thu Feb 14 07:02:29 2013
New Revision: 19807
Log:
x86/msr: Add capabilities check (CVE-2013-0268)
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/msr-add-capabilities-check.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Thu Feb 14 06:57:50 2013 (r19806)
+++ dists/squeeze-security/linux-2.6/debian/changelog Thu Feb 14 07:02:29 2013 (r19807)
@@ -8,6 +8,7 @@
(CVE-2011-2695)
* net: sk_add_backlog() take rmem_alloc into account (CVE-2010-4805)
* ipv6: discard overlapping fragment (CVE-2012-4444)
+ * x86/msr: Add capabilities check (CVE-2013-0268)
-- dann frazier <dannf at debian.org> Mon, 22 Oct 2012 20:34:13 -0500
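Review bot: the added changelog line carries only the upstream subject and the CVE id, so someone reading the changelog will not learn that opening the MSR device file now requires CAP_SYS_RAWIO. The patch added in this same revision returns -EPERM to callers that previously passed on file system permissions alone, which is a user-visible change worth a few words in the entry. The stanza trailer below the new line still reads "Mon, 22 Oct 2012", so it should be refreshed when the upload is prepared.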
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/msr-add-capabilities-check.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/x86/msr-add-capabilities-check.patch Thu Feb 14 07:02:29 2013 (r19807)
@@ -0,0 +1,48 @@
+commit c903f0456bc69176912dee6dd25c6a66ee1aed00
+Author: Alan Cox <alan at linux.intel.com>
+Date: Thu Nov 15 13:06:22 2012 +0000
+
+ x86/msr: Add capabilities check
+
+ At the moment the MSR driver only relies upon file system
+ checks. This means that anything as root with any capability set
+ can write to MSRs. Historically that wasn't very interesting but
+ on modern processors the MSRs are such that writing to them
+ provides several ways to execute arbitary code in kernel space.
+ Sample code and documentation on doing this is circulating and
+ MSR attacks are used on Windows 64bit rootkits already.
+
+ In the Linux case you still need to be able to open the device
+ file so the impact is fairly limited and reduces the security of
+ some capability and security model based systems down towards
+ that of a generic "root owns the box" setup.
+
+ Therefore they should require CAP_SYS_RAWIO to prevent an
+ elevation of capabilities. The impact of this is fairly minimal
+ on most setups because they don't have heavy use of
+ capabilities. Those using SELinux, SMACK or AppArmor rules might
+ want to consider if their rulesets on the MSR driver could be
+ tighter.
+
+ Signed-off-by: Alan Cox <alan at linux.intel.com>
+ Cc: Linus Torvalds <torvalds at linux-foundation.org>
+ Cc: Andrew Morton <akpm at linux-foundation.org>
+ Cc: Peter Zijlstra <a.p.zijlstra at chello.nl>
+ Cc: Horses <stable at kernel.org>
+ Signed-off-by: Ingo Molnar <mingo at kernel.org>
+ [dannf: backported to Debian's 2.6.32]
+
+diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
+index 5eaeb5e..63a053b 100644
+--- a/arch/x86/kernel/msr.c
++++ b/arch/x86/kernel/msr.c
+@@ -176,6 +176,9 @@ static int msr_open(struct inode *inode, struct file *file)
+ struct cpuinfo_x86 *c = &cpu_data(cpu);
+ int ret = 0;
+
++ if (!capable(CAP_SYS_RAWIO))
++ return -EPERM;
++
+ lock_kernel();
+ cpu = iminor(file->f_path.dentry->d_inode);
+
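Review bot: the capable(CAP_SYS_RAWIO) test sits only in msr_open(), and the embedded diff touches nothing else, so the capability is enforced once at open time and not on later operations on the descriptor. A descriptor opened by a task that holds the capability and then inherited by or passed to one that does not would still be usable. If the intent in the commit message is that MSR writes always require CAP_SYS_RAWIO, either repeat the check on the write path or say in the message that open-time enforcement is deliberate. The check also does not look at the open mode, so read-only opens are refused as well, although the message only motivates restricting writes. The placement ahead of lock_kernel() is correct, since the early "return -EPERM;" leaves no lock held.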
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1 Thu Feb 14 06:57:50 2013 (r19806)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/46squeeze1 Thu Feb 14 07:02:29 2013 (r19807)
@@ -11,3 +11,4 @@
+ bugfix/all/net-sk_add_backlog-take-remem_alloc-into-account.patch
+ debian/net-Avoid-ABI-change-from-limit-for-socket-backlog-2.patch
+ bugfix/all/ipv6-discard-overlapping-fragment.patch
++ bugfix/x86/msr-add-capabilities-check.patch