Author: maks
Date: Wed Dec 19 13:04:30 2007
New Revision: 9979
Log:
VM/Security: add security hook to do_brk (CVE-2007-6434)
patch applies directly, [EMAIL PROTECTED] feeded too.
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/security-do_brk.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/2
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Wed Dec 19 13:04:30 2007
@@ -84,6 +84,7 @@
- iwlwifi: fix possible NULL dereference in iwl_set_rate()
* Add stable release 2.6.23.12:
- Revert "PNP: increase the maximum number of resources"
+ * VM/Security: add security hook to do_brk (CVE-2007-6434)
[ Martin Michlmayr ]
* [arm/iop32x] Re-enable USB_NET and PPP, thanks Daniel Hess (closes:
@@ -95,7 +96,7 @@
platform.
* Add em28xx-dv100.patch to add support for Pinnacle Dazzle DVC 100.
- -- maximilian attems <[EMAIL PROTECTED]> Wed, 19 Dec 2007 00:48:46 +0100
+ -- maximilian attems <[EMAIL PROTECTED]> Wed, 19 Dec 2007 14:01:59 +0100
linux-2.6 (2.6.23-1) unstable; urgency=low
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/security-do_brk.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/security-do_brk.patch Wed Dec
19 13:04:30 2007
@@ -0,0 +1,40 @@
+Gitweb:
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5
+Commit: ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5
+Parent: 294a80a8ed004b383ab214837e1c05ca4098a717
+Author: Eric Paris <[EMAIL PROTECTED]>
+AuthorDate: Tue Dec 4 23:45:31 2007 -0800
+Committer: Linus Torvalds <[EMAIL PROTECTED]>
+CommitDate: Wed Dec 5 09:21:21 2007 -0800
+
+ VM/Security: add security hook to do_brk
+
+ Given a specifically crafted binary do_brk() can be used to get low pages
+ available in userspace virtual memory and can thus be used to circumvent
+ the mmap_min_addr low memory protection. Add security checks in do_brk().
+
+ Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
+ Acked-by: Alan Cox <[EMAIL PROTECTED]>
+ Cc: Stephen Smalley <[EMAIL PROTECTED]>
+ Cc: James Morris <[EMAIL PROTECTED]>
+ Cc: Chris Wright <[EMAIL PROTECTED]>
+ Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
+ Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+ mm/mmap.c | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/mm/mmap.c b/mm/mmap.c
+index facc1a7..acfc13f 100644
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -1934,6 +1934,10 @@ unsigned long do_brk(unsigned long addr, unsigned long
len)
+ if (is_hugepage_only_range(mm, addr, len))
+ return -EINVAL;
+
++ error = security_file_mmap(0, 0, 0, 0, addr, 1);
++ if (error)
++ return error;
++
+ flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
+
+ error = arch_mmap_check(addr, len, flags);
Modified: dists/sid/linux-2.6/debian/patches/series/2
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/2 (original)
+++ dists/sid/linux-2.6/debian/patches/series/2 Wed Dec 19 13:04:30 2007
@@ -6,3 +6,4 @@
+ bugfix/all/iwlwifi-null-deref.patch
+ features/all/em28xx-dv100.patch
+ bugfix/all/2.6.23.12
++ bugfix/all/security-do_brk.patch
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
