Author: dannf
Date: Wed Aug 15 16:12:32 2007
New Revision: 9306
Log:
* bugfix/reset-pdeathsig-on-suid.patch
[SECURITY] Fix potential privilege escalation caused by improper
clearing of the child process' pdeath signal.
Thanks to Marcel Holtmann for the patch.
See CVE-2007-3848
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/13etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Wed Aug 15 16:12:32 2007
@@ -31,8 +31,13 @@
* bugfix/i965-secure-batchbuffer.patch
[SECURITY] Fix i965 secured batchbuffer usage
See CVE-2007-3851
+ * bugfix/reset-pdeathsig-on-suid.patch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
- -- dann frazier <[EMAIL PROTECTED]> Fri, 10 Aug 2007 19:22:14 -0600
+ -- dann frazier <[EMAIL PROTECTED]> Sat, 11 Aug 2007 08:46:25 -0600
linux-2.6 (2.6.18.dfsg.1-13) stable; urgency=high
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid.patch
==============================================================================
--- (empty file)
+++
dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid.patch
Wed Aug 15 16:12:32 2007
@@ -0,0 +1,22 @@
+--- linux-source-2.6.18/fs/exec.c.orig 2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/fs/exec.c 2007-08-10 19:44:43.000000000 -0600
+@@ -887,6 +887,7 @@
+ file_permission(bprm->file, MAY_READ) ||
+ (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
+ suid_keys(current);
++ current->pdeath_signal = 0;
+ current->mm->dumpable = suid_dumpable;
+ }
+
+@@ -977,8 +978,10 @@
+ {
+ int unsafe;
+
+- if (bprm->e_uid != current->uid)
++ if (bprm->e_uid != current->uid) {
+ suid_keys(current);
++ current->pdeath_signal = 0;
++ }
+ exec_keys(current);
+
+ task_lock(current);
Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch1 (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch1 Wed Aug 15
16:12:32 2007
@@ -7,3 +7,4 @@
+ bugfix/random-fix-error-in-entropy-extraction.patch
+ bugfix/nf_conntrack_sctp-null-deref.patch
+ bugfix/i965-secure-batchbuffer.patch
++ bugfix/reset-pdeathsig-on-suid.patch
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
