[linux] 01/02: timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)

debian-kernel at lists.debian.org
Tue Mar 14 16:45:03 UTC 2017


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch wheezy-security
in repository linux.

commit b37ff1bfb5b281ddbe63b7714fd9eb90bc1581d5
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Mon Mar 13 23:12:59 2017 +0000

    timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
---
 debian/changelog                                   |  6 ++++
 ...rict-timer_stats-to-initial-pid-namespace.patch | 37 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 44 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 488c404..f5342c3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+linux (3.2.86-2) UNRELEASED; urgency=medium
+
+  * timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Mon, 13 Mar 2017 23:12:35 +0000
+
 linux (3.2.86-1) wheezy-security; urgency=high
 
   * New upstream stable update:
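Review bot: the new changelog stanza is marked `UNRELEASED; urgency=medium`, while the stanza directly below it for 3.2.86-1 targets `wheezy-security; urgency=high`; since this entry carries only a CVE fix, the distribution and urgency should be brought in line with the previous security upload (`wheezy-security; urgency=high`) before the package is uploaded, so the fix is not held back as a routine update.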
diff --git a/debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch b/debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
new file mode 100644
index 0000000..ac11a57
--- /dev/null
+++ b/debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
@@ -0,0 +1,37 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 13 Mar 2017 23:03:29 +0000
+Subject: timer: Restrict timer_stats to initial PID namespace
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-5967
+
+The timer_stats facility should filter and translate PIDs if opened
+from a non-initial PID namespace, to avoid leaking information about
+the wider system.  Unfortunately it has now been removed upstream (as
+redundant) instead of being fixed.  For stable, fix the leak by only
+allowing access from the initial PID namespace.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+--- a/kernel/time/timer_stats.c
++++ b/kernel/time/timer_stats.c
+@@ -42,6 +42,7 @@
+ #include <linux/sched.h>
+ #include <linux/seq_file.h>
+ #include <linux/kallsyms.h>
++#include <linux/pid_namespace.h>
+ 
+ #include <asm/uaccess.h>
+ 
+@@ -394,6 +395,13 @@ static ssize_t tstats_write(struct file
+ 
+ static int tstats_open(struct inode *inode, struct file *filp)
+ {
++	/*
++	 * We don't filter PIDs, so must only allow access from initial
++	 * PID namespace.
++	 */
++	if (task_active_pid_ns(current) != &init_pid_ns)
++		return -EPERM;
++
+ 	return single_open(filp, tstats_show, NULL);
+ }
+ 
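Review bot: the patch header lacks a DEP-3 `Forwarded:` field; given that the description itself says the facility "has now been removed upstream", `Forwarded: not-needed` would document why no upstream submission exists. The description should also spell out the user-visible behaviour change: because the check sits in `tstats_open`, every open of /proc/timer_stats from a process whose active PID namespace is not `init_pid_ns` now fails with -EPERM, which covers both the read path (`tstats_show`) and the write path (`tstats_write`), so processes in containers that previously enabled or read timer statistics will see a hard failure rather than filtered output. Worth noting in the header as well that this is deliberately stricter than the "filter and translate PIDs" fix the description describes as the correct one.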
diff --git a/debian/patches/series b/debian/patches/series
index a6670e7..8a81954 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1116,6 +1116,7 @@ bugfix/all/sctp-deny-peeloff-operation-on-asocs-with-threads-sleeping-on-it.patc
 bugfix/all/tty-n_hdlc-fix-lockdep-false-positive.patch
 features/all/list-introduce-list_first_entry_or_null.patch
 bugfix/all/tty-n_hdlc-get-rid-of-racy-n_hdlc.patch
+bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
 
 # ABI maintenance
 debian/perf-hide-abi-change-in-3.2.30.patch
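Review bot: appending the entry to the end of the `bugfix/all/` run, just above `# ABI maintenance`, matches the placement of the neighbouring tty-n_hdlc entries, and the patch has no ordering dependency on them since it touches only kernel/time/timer_stats.c. As the change adds an include and an open-time check without introducing or altering any exported symbol or structure, no companion entry under `# ABI maintenance` is needed for it.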

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git