Author: dannf
Date: Thu Dec 6 07:31:40 2007
New Revision: 9907
Log:
* bugfix/coredump-only-to-same-uid.patch
[SECURITY] Fix an issue where core dumping over a file that
already exists retains the ownership of the original file
See CVE-2007-6206
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/coredump-only-to-same-uid.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/13etch6
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Thu Dec 6 07:31:40 2007
@@ -3,8 +3,12 @@
* bugfix/isdn-net-overflow.patch
[SECURITY] Fix potential overflows in the ISDN subsystem
See CVE-2007-6063
+ * bugfix/coredump-only-to-same-uid.patch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
- -- dann frazier <[EMAIL PROTECTED]> Tue, 04 Dec 2007 11:48:54 -0700
+ -- dann frazier <[EMAIL PROTECTED]> Wed, 05 Dec 2007 23:41:52 -0700
linux-2.6 (2.6.18.dfsg.1-13etch5) stable-security; urgency=high
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/coredump-only-to-same-uid.patch
==============================================================================
--- (empty file)
+++
dists/etch-security/linux-2.6/debian/patches/bugfix/coredump-only-to-same-uid.patch
Thu Dec 6 07:31:40 2007
@@ -0,0 +1,38 @@
+From: Ingo Molnar <[EMAIL PROTECTED]>
+Date: Wed, 28 Nov 2007 12:59:18 +0000 (+0100)
+Subject: vfs: coredumping fix
+X-Git-Tag: v2.6.24-rc4~82
+X-Git-Url:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
+
+vfs: coredumping fix
+
+fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043
+
+only allow coredumping to the same uid that the coredumping
+task runs under.
+
+Signed-off-by: Ingo Molnar <[EMAIL PROTECTED]>
+Acked-by: Alan Cox <[EMAIL PROTECTED]>
+Acked-by: Christoph Hellwig <[EMAIL PROTECTED]>
+Acked-by: Al Viro <[EMAIL PROTECTED]>
+Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <[EMAIL PROTECTED]>
+
+diff -urpN linux-source-2.6.18.orig/fs/exec.c linux-source-2.6.18/fs/exec.c
+--- linux-source-2.6.18.orig/fs/exec.c 2007-10-03 12:38:15.000000000 -0600
++++ linux-source-2.6.18/fs/exec.c 2007-12-05 23:41:00.000000000 -0700
+@@ -1524,6 +1524,12 @@ int do_coredump(long signr, int exit_cod
+
+ if (!S_ISREG(inode->i_mode))
+ goto close_fail;
++ /*
++ * Dont allow local users get cute and trick others to coredump
++ * into their pre-created files:
++ */
++ if (inode->i_uid != current->fsuid)
++ goto close_fail;
+ if (!file->f_op)
+ goto close_fail;
+ if (!file->f_op->write)
Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch6
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch6 (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch6 Thu Dec 6
07:31:40 2007
@@ -1 +1,2 @@
+ bugfix/isdn-net-overflow.patch
++ bugfix/coredump-only-to-same-uid.patch
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
