On Fri, Mar 23, 2012 at 04:03:28PM +0100, Laurent Bonnaud wrote:
> Hi,
> 
> I am looking at this page:
> 
>   http://security-tracker.debian.org/tracker/CVE-2011-1833
> 
> and kernel 3.2.12-1 in sid and wheezy is marked as vulnerable.  However
> the fix for this bug is here:
> 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=764355487ea220fdc2faf128d577d7f679b91f97
> 
> and one can check in the Debian source package that this fix is present:
> 
> $ grep -r check_ruid .
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c: * @check_ruid: set to 1 if device uid should be checked against the ruid
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c:                            uid_t *check_ruid)
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c:  *check_ruid = 0;
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c:                  *check_ruid = 1;
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c:  uid_t check_ruid;
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c:  rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c:  if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
> 
> So could somebody mark this bug as fixed in sid+wheezy?

This was already fixed in the meantime.

Cheers,
        Moritz

