On Thu, Oct 13, 2005 at 02:59:30PM -0400, micah wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Horms, > > I noticed that this patch is not applied to the 2.4.27 sarge1 update: > http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED] > > The description reads: [XFS] Add nosymlinks inode flag for the security > folks, reserve projinherit flag. > > I dont know what the security issue is here, but it seems like it is > security... > > That patch doesn't apply straight to the debian source, it seems as if > there are some pre-requisite patches, I was able to find at least these > two that were needed: > http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/[EMAIL > PROTECTED]|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|[EMAIL > PROTECTED]|hist/fs/xfs/xfs_dinode.h > http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/[EMAIL > PROTECTED]|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|[EMAIL > PROTECTED]|hist/fs/xfs/xfs_fs.h > > This solves the failure to apply to xfs_dinode.h, but there are other > failures that are most likely due to other patches needing to be applied > first. I dont know if the other patches in that history need to be > brought up to the latest as well. I'm afraid I have reached my limits of > understanding of how to bring this forwards.
I do not believe this is a security patch. I believe that it is the addition of a new security-related feature. It is also rather a lot of patch. So I am rejecting its inclusion in Debian's 2.4 at this stage. > > Also this patch: > http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/[EMAIL > PROTECTED]|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|[EMAIL > PROTECTED]|hist/fs/xfs/xfs_inode.c > ([XFS] Handle inode creation race) should also be applied since it > appears to be a security issue. Fixed in 2.4.29-pre1 Patch: http://linux.bkbits.net:8080/linux-2.4/[EMAIL PROTECTED]|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_inode.c ChangeLog: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.29 I'll get this into SVN for 2.4.27. It does not seem to relate to 2.6 at all. > I am having trouble locating CAN numbers for these, does anyone know if > there are any? I don't think there are any. Perhaps we should file for the 2nd one. I noice that hlh was involved in that patch, perhaps he can provide a slightly longer description. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
