Author: dannf
Date: Mon Dec  4 07:25:15 2006
New Revision: 7925

Added:
   
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/237_smbfs-honor-mount-opts.diff
Modified:
   
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge5
Log:
* 237_smbfs-honor-mount-opts.diff
  Honor uid, gid and mode mount options for smbfs even when unix extensions
  are enabled (closes: #310982)
  See CVE-2006-5871

Modified: 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
 (original)
+++ 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
 Mon Dec  4 07:25:15 2006
@@ -17,13 +17,10 @@
     remaining bytes of the kernel buffer after a fault on the userspace
     address in copy_from_user()
     See CVE-2006-5174
-  * 237_smbfs-no-cap-unix.diff
-    [SECURITY] Disable SMB_CAP_UNIX if uid, gid, fmask or dmask are set.
-    Now that smbfs supports CAP_UNIX, these options are ignored when
-    connecting to a samba server in favor of passing through the Unix
-    permissions from the remote server. This is a behavior change from
-    woody that users likely will not expect, so disabling.
-    Closes: #310982
+  * 237_smbfs-honor-mount-opts.diff
+    Honor uid, gid and mode mount options for smbfs even when unix extensions
+    are enabled (closes: #310982)
+    See CVE-2006-5871
   * 238_ppc-hid0-dos.diff
     [SECURITY] [ppc] Fix local DoS by clearing HID0 attention enable on
     PPC970 at boot time
@@ -71,7 +68,7 @@
     Fix an additional syntax error caused by extraneous semicolons
     in membar macros on sparc
 
- -- dann frazier <[EMAIL PROTECTED]>  Wed, 13 Sep 2006 21:33:51 -0600
+ -- dann frazier <[EMAIL PROTECTED]>  Sun,  3 Dec 2006 23:12:42 -0700
 
 kernel-source-2.4.27 (2.4.27-10sarge3) stable-security; urgency=high
 

Added: 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/237_smbfs-honor-mount-opts.diff
==============================================================================
--- (empty file)
+++ 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/237_smbfs-honor-mount-opts.diff
   Mon Dec  4 07:25:15 2006
@@ -0,0 +1,172 @@
+diff -urN kernel-source-2.4.27.orig/fs/smbfs/inode.c 
kernel-source-2.4.27/fs/smbfs/inode.c
+--- kernel-source-2.4.27.orig/fs/smbfs/inode.c 2004-02-18 06:36:31.000000000 
-0700
++++ kernel-source-2.4.27/fs/smbfs/inode.c      2006-12-03 16:20:37.023266250 
-0700
+@@ -311,7 +311,6 @@
+                               &optopt, &optarg, &flags, &value)) > 0) {
+ 
+               VERBOSE("'%s' -> '%s'\n", optopt, optarg ? optarg : "<none>");
+-
+               switch (c) {
+               case 1:
+                       /* got a "flag" option */
+@@ -326,15 +325,19 @@
+                       break;
+               case 'u':
+                       mnt->uid = value;
++                      flags |= SMB_MOUNT_UID;
+                       break;
+               case 'g':
+                       mnt->gid = value;
++                      flags |= SMB_MOUNT_GID;
+                       break;
+               case 'f':
+                       mnt->file_mode = (value & S_IRWXUGO) | S_IFREG;
++                      flags |= SMB_MOUNT_FMODE;
+                       break;
+               case 'd':
+                       mnt->dir_mode = (value & S_IRWXUGO) | S_IFDIR;
++                      flags |= SMB_MOUNT_DMODE;
+                       break;
+               case 'i':
+                       strncpy(mnt->codepage.local_name, optarg, 
+@@ -375,9 +378,9 @@
+               if (mnt->flags & opts[i].flag)
+                       seq_printf(s, ",%s", opts[i].name);
+ 
+-      if (mnt->uid != 0)
++      if (mnt->flags & SMB_MOUNT_UID)
+               seq_printf(s, ",uid=%d", mnt->uid);
+-      if (mnt->gid != 0)
++      if (mnt->flags & SMB_MOUNT_GID)
+               seq_printf(s, ",gid=%d", mnt->gid);
+       if (mnt->mounted_uid != 0)
+               seq_printf(s, ",mounted_uid=%d", mnt->mounted_uid);
+@@ -386,8 +389,10 @@
+        * Defaults for file_mode and dir_mode are unknown to us; they
+        * depend on the current umask of the user doing the mount.
+        */
+-      seq_printf(s, ",file_mode=%04o", mnt->file_mode & S_IRWXUGO);
+-      seq_printf(s, ",dir_mode=%04o", mnt->dir_mode & S_IRWXUGO);
++      if (mnt->flags & SMB_MOUNT_FMODE)
++              seq_printf(s, ",file_mode=%04o", mnt->file_mode & S_IRWXUGO);
++      if (mnt->flags & SMB_MOUNT_DMODE)
++              seq_printf(s, ",dir_mode=%04o", mnt->dir_mode & S_IRWXUGO);
+ 
+       if (strcmp(mnt->codepage.local_name, CONFIG_NLS_DEFAULT))
+               seq_printf(s, ",iocharset=%s", mnt->codepage.local_name);
+@@ -505,8 +510,13 @@
+               mnt->file_mode = (oldmnt->file_mode & S_IRWXUGO) | S_IFREG;
+               mnt->dir_mode = (oldmnt->dir_mode & S_IRWXUGO) | S_IFDIR;
+ 
+-              mnt->flags = (oldmnt->file_mode >> 9);
++              mnt->flags = (oldmnt->file_mode >> 9) | SMB_MOUNT_UID |
++                      SMB_MOUNT_GID | SMB_MOUNT_FMODE | SMB_MOUNT_DMODE;
+       } else {
++              mnt->file_mode = mnt->dir_mode = S_IRWXU | S_IRGRP | S_IXGRP |
++                                              S_IROTH | S_IXOTH | S_IFREG;
++              mnt->dir_mode = mnt->dir_mode = S_IRWXU | S_IRGRP | S_IXGRP |
++                                              S_IROTH | S_IXOTH | S_IFDIR;
+               if (parse_options(mnt, raw_data))
+                       goto out_bad_option;
+       }
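Review bot: The two default-mode statements added in the `else` branch are chained by mistake: the first also stores an `S_IFREG` value into `mnt->dir_mode`, and the second reads `mnt->dir_mode = mnt->dir_mode = ...`. The final values are correct only because the second statement overwrites the first. Each should assign once, `mnt->file_mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH | S_IFREG;` and `mnt->dir_mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH | S_IFDIR;`. With fixed defaults now set here, the comment kept in the show_options hunk ("Defaults for file_mode and dir_mode are unknown to us") looks stale and is worth rewording. The enclosing function starts and ends outside this hunk.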
+@@ -533,6 +543,7 @@
+       sb->s_root = d_alloc_root(root_inode);
+       if (!sb->s_root)
+               goto out_no_root;
++
+       smb_new_dentry(sb->s_root);
+ 
+       return sb;
+diff -urN kernel-source-2.4.27.orig/fs/smbfs/proc.c 
kernel-source-2.4.27/fs/smbfs/proc.c
+--- kernel-source-2.4.27.orig/fs/smbfs/proc.c  2005-11-30 05:03:08.000000000 
-0700
++++ kernel-source-2.4.27/fs/smbfs/proc.c       2006-12-03 22:11:45.123940250 
-0700
+@@ -1946,7 +1946,7 @@
+       return result;
+ }
+ 
+-void smb_decode_unix_basic(struct smb_fattr *fattr, char *p)
++void smb_decode_unix_basic(struct smb_fattr *fattr, struct smb_sb_info 
*server, char *p)
+ {
+       /* FIXME: verify nls support. all is sent as utf8? */
+ 
+@@ -1970,8 +1970,17 @@
+       fattr->f_ctime = smb_ntutc2unixutc(LVAL(p, 16));
+       fattr->f_atime = smb_ntutc2unixutc(LVAL(p, 24));
+       fattr->f_mtime = smb_ntutc2unixutc(LVAL(p, 32));
+-      fattr->f_uid = LVAL(p, 40); 
+-      fattr->f_gid = LVAL(p, 48); 
++
++      if (server->mnt->flags & SMB_MOUNT_UID)
++              fattr->f_uid = server->mnt->uid;
++      else
++              fattr->f_uid = LVAL(p, 40);
++
++      if (server->mnt->flags & SMB_MOUNT_GID)
++              fattr->f_gid = server->mnt->gid;
++      else
++              fattr->f_gid = LVAL(p, 48);
++
+       fattr->f_mode |= smb_filetype_to_mode(WVAL(p, 56));
+ 
+       if (S_ISBLK(fattr->f_mode) || S_ISCHR(fattr->f_mode)) {
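Review bot: Nothing at the new uid/gid branches says that the mount options deliberately take precedence over the ownership the server reports, which is the security-relevant decision this patch makes. A one-line comment above the first `if` would keep a later cleanup from restoring the pass-through, for example `/* uid=/gid= mount options override the owner and group sent by the server */`. These tests read `server->mnt->flags`, while the inode.c hunk sets the bits on a local `flags` in the option loop. The copy of that local into `mnt->flags` is not visible in this patch and should be confirmed. smb_decode_unix_basic() starts before this hunk and ends after it.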
+@@ -1980,7 +1989,16 @@
+ 
+               fattr->f_rdev = MKDEV(major & 0xffffffff, minor & 0xffffffff);
+       }
++
+       fattr->f_mode |= LVAL(p, 84);
++
++      if ( (server->mnt->flags & SMB_MOUNT_DMODE) &&
++           (S_ISDIR(fattr->f_mode)) )
++              fattr->f_mode = (server->mnt->dir_mode & (S_IRWXU | S_IRWXG | 
S_IRWXO)) | S_IFDIR;
++      else if ( (server->mnt->flags & SMB_MOUNT_FMODE) &&
++                !(S_ISDIR(fattr->f_mode)) )
++              fattr->f_mode = (server->mnt->file_mode & (S_IRWXU | S_IRWXG | 
S_IRWXO)) | S_IFREG;
++
+ }
+ 
+ /*
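Review bot: The `SMB_MOUNT_FMODE` branch forces `S_IFREG` onto every non-directory, so symlinks, FIFOs, sockets and the block/char devices decoded just above are all reported as regular files once file_mode is set. For devices, `f_rdev` is still filled in although the type bits are gone. To apply only the permission bits and keep the type the server sent, the assignment would be `fattr->f_mode = (server->mnt->file_mode & S_IRWXUGO) | (fattr->f_mode & S_IFMT);`, using the `S_IRWXUGO` mask the inode.c hunks already use. If collapsing special files to regular files is meant as hardening against server-supplied device nodes, that should be stated in a comment and symlinks still need their type preserved. The function body begins outside this hunk.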
+@@ -2061,7 +2079,7 @@
+               /* FIXME: should we check the length?? */
+ 
+               p += 8;
+-              smb_decode_unix_basic(fattr, p);
++              smb_decode_unix_basic(fattr, server, p);
+               VERBOSE("info SMB_FIND_FILE_UNIX at %p, len=%d, name=%.*s\n",
+                       p, len, len, qname->name);
+               break;
+@@ -2686,7 +2704,7 @@
+               goto out;
+       }
+ 
+-      smb_decode_unix_basic(attr, resp_data);
++      smb_decode_unix_basic(attr, server, resp_data);
+       result = 0;
+ 
+ out:
+diff -urN kernel-source-2.4.27.orig/fs/smbfs/proto.h 
kernel-source-2.4.27/fs/smbfs/proto.h
+--- kernel-source-2.4.27.orig/fs/smbfs/proto.h 2004-02-18 06:36:31.000000000 
-0700
++++ kernel-source-2.4.27/fs/smbfs/proto.h      2006-12-03 16:20:37.151274250 
-0700
+@@ -21,7 +21,7 @@
+ extern int smb_proc_unlink(struct dentry *dentry);
+ extern int smb_proc_flush(struct smb_sb_info *server, __u16 fileid);
+ extern void smb_init_root_dirent(struct smb_sb_info *server, struct smb_fattr 
*fattr);
+-extern void smb_decode_unix_basic(struct smb_fattr *fattr, char *p);
++extern void smb_decode_unix_basic(struct smb_fattr *fattr, struct smb_sb_info 
*server, char *p);
+ extern int smb_proc_getattr(struct dentry *dir, struct smb_fattr *fattr);
+ extern int smb_proc_setattr(struct dentry *dir, struct smb_fattr *fattr);
+ extern int smb_proc_setattr_unix(struct dentry *dentry, struct iattr *attr, 
unsigned int major, unsigned int minor);
+diff -urN kernel-source-2.4.27.orig/include/linux/smb_mount.h 
kernel-source-2.4.27/include/linux/smb_mount.h
+--- kernel-source-2.4.27.orig/include/linux/smb_mount.h        2004-02-18 
06:36:32.000000000 -0700
++++ kernel-source-2.4.27/include/linux/smb_mount.h     2006-12-03 
16:23:00.172212500 -0700
+@@ -37,6 +37,10 @@
+ #define SMB_MOUNT_OLDATTR     0x0002  /* Use core getattr (Win 95 speedup) */
+ #define SMB_MOUNT_DIRATTR     0x0004  /* Use find_first for getattr */
+ #define SMB_MOUNT_CASE                0x0008  /* Be case sensitive */
++#define SMB_MOUNT_UID         0x0020  /* Use user specified uid */
++#define SMB_MOUNT_GID         0x0040  /* Use user specified gid */
++#define SMB_MOUNT_FMODE               0x0080  /* Use user specified file mode 
*/
++#define SMB_MOUNT_DMODE               0x0100  /* Use user specified dir mode 
*/
+ 
+ 
+ struct smb_mount_data_kernel {

Modified: 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge5
==============================================================================
--- 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge5
    (original)
+++ 
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge5
    Mon Dec  4 07:25:15 2006
@@ -2,5 +2,5 @@
 + 234_atm-clip-freed-skb-deref.diff
 + 235_ppc-alignment-exception-table-check.diff
 + 236_s390-uaccess-memleak.diff
-+ 237_smbfs-no-cap-unix.diff
++ 237_smbfs-honor-mount-opts.diff
 + 238_ppc-hid0-dos.diff
