[linux] 01/07: timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
debian-kernel at lists.debian.org
Tue Mar 14 14:16:58 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch jessie-security
in repository linux.
commit a59d773cd88726acef315bc9b18a40a27aeaa033
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Mon Mar 13 23:29:47 2017 +0000
timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
---
debian/changelog | 6 ++++
...rict-timer_stats-to-initial-pid-namespace.patch | 37 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 44 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 31e0311..ee44e6f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+linux (3.16.39-1+deb8u3) UNRELEASED; urgency=medium
+
+ * timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Mon, 13 Mar 2017 23:29:39 +0000
+
linux (3.16.39-1+deb8u2) jessie-security; urgency=high
[ Salvatore Bonaccorso ]
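Review bot: The new entry `* timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)` does not say that this is a stable-only restriction rather than a backport of an upstream fix, although the patch description states that upstream removed timer_stats instead of fixing it. A short remark to that effect in the changelog entry would tell users why opening timer_stats now fails with EPERM for tasks outside the initial PID namespace.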
diff --git a/debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch b/debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
new file mode 100644
index 0000000..ac11a57
--- /dev/null
+++ b/debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
@@ -0,0 +1,37 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 13 Mar 2017 23:03:29 +0000
+Subject: timer: Restrict timer_stats to initial PID namespace
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-5967
+
+The timer_stats facility should filter and translate PIDs if opened
+from a non-initial PID namespace, to avoid leaking information about
+the wider system. Unfortunately it has now been removed upstream (as
+redundant) instead of being fixed. For stable, fix the leak by only
+allowing access from the initial PID namespace.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+--- a/kernel/time/timer_stats.c
++++ b/kernel/time/timer_stats.c
+@@ -42,6 +42,7 @@
+ #include <linux/sched.h>
+ #include <linux/seq_file.h>
+ #include <linux/kallsyms.h>
++#include <linux/pid_namespace.h>
+
+ #include <asm/uaccess.h>
+
+@@ -394,6 +395,13 @@ static ssize_t tstats_write(struct file
+
+ static int tstats_open(struct inode *inode, struct file *filp)
+ {
++ /*
++ * We don't filter PIDs, so must only allow access from initial
++ * PID namespace.
++ */
++ if (task_active_pid_ns(current) != &init_pid_ns)
++ return -EPERM;
++
+ return single_open(filp, tstats_show, NULL);
+ }
+
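Review bot: The namespace test added at the top of tstats_open() is evaluated only when the file is opened, so a descriptor opened by a task in the initial PID namespace and later inherited by, or passed to, a task in another PID namespace still returns unfiltered PIDs through tstats_show(). If that is accepted for the stable fix, the comment above `if (task_active_pid_ns(current) != &init_pid_ns)` and the patch description should say so explicitly; otherwise the restriction also needs to cover the read path. The description would also benefit from a reference to the upstream change that removed timer_stats, so the divergence from upstream can be traced later.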
diff --git a/debian/patches/series b/debian/patches/series
index c6f3c2a..f35e777 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -704,6 +704,7 @@ bugfix/all/TTY-n_hdlc-fix-lockdep-false-positive.patch
bugfix/all/tty-n_hdlc-get-rid-of-racy-n_hdlc.tbuf.patch
bugfix/x86/kvm-nvmx-allow-l1-to-intercept-software-exceptions-bp-and-of.patch
bugfix/all/irda-fix-lockdep-annotations-in-hashbin_delete.patch
+bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
# Fix ABI changes
debian/of-fix-abi-changes.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git