[linux] 01/01: proc: Fix ptrace mode in has_pid_permissions() (Closes: #887106)
debian-kernel at lists.debian.org
Sun Jan 14 21:40:30 UTC 2018
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-security
in repository linux.
commit 0a7434bc6be4e1d267e9df7cbfbfe8c611948fa0
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Jan 14 21:40:25 2018 +0000
proc: Fix ptrace mode in has_pid_permissions() (Closes: #887106)
---
debian/changelog | 1 +
...proc-fix-ptrace-mode-inhas_pid_permissons.patch | 31 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 33 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 5aa5d40..90c6e95 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ linux (3.2.96-4) UNRELEASED; urgency=medium
* abiupdate.py: Use current config instead of downloading previous config
* abiupdate.py: Add support for security mirrors
* Add ABI reference for 3.2.0-5
+ * proc: Fix ptrace mode in has_pid_permissions() (Closes: #887106)
-- Ben Hutchings <ben at decadent.org.uk> Sat, 07 Jan 2017 17:41:34 +0000
diff --git a/debian/patches/features/all/hidepid/proc-fix-ptrace-mode-inhas_pid_permissons.patch b/debian/patches/features/all/hidepid/proc-fix-ptrace-mode-inhas_pid_permissons.patch
new file mode 100644
index 0000000..fd41309
--- /dev/null
+++ b/debian/patches/features/all/hidepid/proc-fix-ptrace-mode-inhas_pid_permissons.patch
@@ -0,0 +1,31 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 14 Jan 2018 21:32:45 +0000
+Subject: proc: Fix ptrace mode in has_pid_permissions()
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/887106
+
+Commit caaee6234d05 "ptrace: use fsuid, fsgid, effective creds for fs
+access checks" added the requirement that all calls to
+ptrace_may_access() include one of the PTRACE_MODE_{REAL,FS}CREDS
+flags in the mode argument, and updated all callers to do this.
+This was backported in 3.2.93. For backward binary compatibility,
+I added a patch to make these flags optional.
+
+When I bumped the ABI version recently, I removed that patch, and it
+turns out that there is one in-tree caller that wasn't updated -
+has_pid_permissions(). This is was part of the backport of the procfs
+hidepid feature and not included in 3.2-stable. So update it
+separately here.
+
+---
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -586,7 +586,7 @@ static bool has_pid_permissions(struct p
+ return true;
+ if (in_group_p(pid->pid_gid))
+ return true;
+- return ptrace_may_access(task, PTRACE_MODE_READ);
++ return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS);
+ }
+
+
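Review bot: The patch description ahead of the fs/proc/base.c change explains how has_pid_permissions() was missed, but not what goes wrong while it still passes plain PTRACE_MODE_READ, so a reader has to open bug #887106 to learn the symptom. One sentence on the observed behaviour on hidepid mounts would make the header self-contained. "This is was part of the backport" should read "This was part of the backport". Since the text says has_pid_permissions() is the one in-tree caller that wasn't updated, it would also help to state how that was confirmed (for example a search for ptrace_may_access() callers across the Debian-only patches), because other backported features that are not in 3.2-stable could have the same gap.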
diff --git a/debian/patches/series b/debian/patches/series
index 518815e..a634b61 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -371,6 +371,7 @@ features/all/hidepid/0001-procfs-parse-mount-options.patch
features/all/hidepid/0002-procfs-add-hidepid-and-gid-mount-options.patch
features/all/hidepid/0003-proc-fix-null-pointer-deref-in-proc_pid_permission.patch
features/all/hidepid/0004-proc-fix-mount-t-proc-o-AAA.patch
+features/all/hidepid/proc-fix-ptrace-mode-inhas_pid_permissons.patch
# CPU sysdev removal from 3.3 and x86 CPU auto-loading from 3.4
features/all/cpu-devices/driver-core-implement-sysdev-functionality-for-regul.patch
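Review bot: The added series entry breaks the naming pattern of the hidepid patches listed above it: those carry 0001- to 0004- prefixes, and this file name has "inhas_pid_permissons" where "in-has_pid_permissions" is meant (missing separator and a misspelt "permissions"). Renaming it to something like 0005-proc-fix-ptrace-mode-in-has_pid_permissions.patch would keep the directory ordered and make the patch findable by searching for the function name. The same name appears in the diff header of the new patch file, so both need to change together.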
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git