[linux] 01/02: Fix backport of "Sanitize 'move_pages()' permission checks"

[debian-kernel at lists.debian.org]

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch jessie-security
in repository linux.

commit cea5e8b94fd031a159d6ebf3c753714d9fb671a2
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Mon Sep 18 04:32:21 2017 +0100

    Fix backport of "Sanitize 'move_pages()' permission checks"
    
    PTRACE_MODE_READ_REALCREDS is introduced by commit caaee6234d05
    "ptrace: use fsuid, fsgid, effective creds for fs access checks",
    which we *should* apply - but we don't actually need it and can
    use PTRACE_MODE_READ for now.
---
 debian/patches/bugfix/all/sanitize-move_pages-permission-checks.patch | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/patches/bugfix/all/sanitize-move_pages-permission-checks.patch b/debian/patches/bugfix/all/sanitize-move_pages-permission-checks.patch
index a209875..8283639 100644
--- a/debian/patches/bugfix/all/sanitize-move_pages-permission-checks.patch
+++ b/debian/patches/bugfix/all/sanitize-move_pages-permission-checks.patch
@@ -30,6 +30,7 @@ Cc: Willy Tarreau <w at 1wt.eu>
 Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
 [bwh: Backported to 3.16: adjust context]
 Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+[bwh: Backported to 3.16.43: use just PTRACE_MODE_REAL]
 ---
  mm/migrate.c | 11 +++--------
  1 file changed, 3 insertions(+), 8 deletions(-)
@@ -66,7 +67,7 @@ Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
 -	    !capable(CAP_SYS_NICE)) {
 +	 * process. Use the regular "ptrace_may_access()" checks.
 +	 */
-+	if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) {
++	if (!ptrace_may_access(task, PTRACE_MODE_READ)) {
  		rcu_read_unlock();
  		err = -EPERM;
  		goto out;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git