[linux] 01/01: proc: Fix ptrace mode in has_pid_permissions() (Closes: #887106)

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sun Jan 14 21:40:30 UTC 2018 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch wheezy-security
in repository linux.

commit 0a7434bc6be4e1d267e9df7cbfbfe8c611948fa0
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sun Jan 14 21:40:25 2018 +0000

    proc: Fix ptrace mode in has_pid_permissions() (Closes: #887106)
---
 debian/changelog                                   |  1 +
 ...proc-fix-ptrace-mode-inhas_pid_permissons.patch | 31 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 33 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5aa5d40..90c6e95 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ linux (3.2.96-4) UNRELEASED; urgency=medium
   * abiupdate.py: Use current config instead of downloading previous config
   * abiupdate.py: Add support for security mirrors
   * Add ABI reference for 3.2.0-5
+  * proc: Fix ptrace mode in has_pid_permissions() (Closes: #887106)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 07 Jan 2017 17:41:34 +0000
 
diff --git a/debian/patches/features/all/hidepid/proc-fix-ptrace-mode-inhas_pid_permissons.patch b/debian/patches/features/all/hidepid/proc-fix-ptrace-mode-inhas_pid_permissons.patch
new file mode 100644
index 0000000..fd41309
--- /dev/null
+++ b/debian/patches/features/all/hidepid/proc-fix-ptrace-mode-inhas_pid_permissons.patch
@@ -0,0 +1,31 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 14 Jan 2018 21:32:45 +0000
+Subject: proc: Fix ptrace mode in has_pid_permissions()
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/887106
+
+Commit caaee6234d05 "ptrace: use fsuid, fsgid, effective creds for fs
+access checks" added the requirement that all calls to
+ptrace_may_access() include one of the PTRACE_MODE_{REAL,FS}CREDS
+flags in the mode argument, and updated all callers to do this.
+This was backported in 3.2.93.  For backward binary compatibility,
+I added a patch to make these flags optional.
+
+When I bumped the ABI version recently, I removed that patch, and it
+turns out that there is one in-tree caller that wasn't updated -
+has_pid_permissions().  This is was part of the backport of the procfs
+hidepid feature and not included in 3.2-stable.  So update it
+separately here.
+
+---
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -586,7 +586,7 @@ static bool has_pid_permissions(struct p
+ 		return true;
+ 	if (in_group_p(pid->pid_gid))
+ 		return true;
+-	return ptrace_may_access(task, PTRACE_MODE_READ);
++	return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
+ }
+ 
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 518815e..a634b61 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -371,6 +371,7 @@ features/all/hidepid/0001-procfs-parse-mount-options.patch
 features/all/hidepid/0002-procfs-add-hidepid-and-gid-mount-options.patch
 features/all/hidepid/0003-proc-fix-null-pointer-deref-in-proc_pid_permission.patch
 features/all/hidepid/0004-proc-fix-mount-t-proc-o-AAA.patch
+features/all/hidepid/proc-fix-ptrace-mode-inhas_pid_permissons.patch
 
 # CPU sysdev removal from 3.3 and x86 CPU auto-loading from 3.4
 features/all/cpu-devices/driver-core-implement-sysdev-functionality-for-regul.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list