Author: dannf
Date: Tue Jan 15 23:46:19 2008
New Revision: 10111

Log:
* bugfix/vfs-use-access-mode-flag.patch
  [SECURITY] Use the access mode flag instead of the open flag when
  testing access mode for a directory.
  See CVE-2008-0001

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/17etch1

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog      (original)
+++ dists/etch-security/linux-2.6/debian/changelog      Tue Jan 15 23:46:19 2008
@@ -3,8 +3,12 @@
   * bugfix/i4l-isdn_ioctl-mem-overrun.patch
     [SECURITY] Fix potential isdn ioctl memory overrun
     See CVE-2007-6151
+  * bugfix/vfs-use-access-mode-flag.patch
+    [SECURITY] Use the access mode flag instead of the open flag when
+    testing access mode for a directory.
+    See CVE-2008-0001
 
- -- dann frazier <[EMAIL PROTECTED]>  Sat, 05 Jan 2008 17:27:50 -0700
+ -- dann frazier <[EMAIL PROTECTED]>  Tue, 15 Jan 2008 16:44:15 -0700
 
 linux-2.6 (2.6.18.dfsg.1-17) stable; urgency=high
 
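Review bot: the new changelog entry for bugfix/vfs-use-access-mode-flag.patch mentions only the directory test, but the patch added in this same revision also changes the read-only filesystem test in may_open() (the IS_RDONLY check that returns -EROFS). Suggest extending the entry, for example "when testing access mode for a directory or a read-only filesystem", so that someone reading the changelog for CVE-2008-0001 sees the full scope of the fix.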

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch
==============================================================================
--- (empty file)
+++ 
dists/etch-security/linux-2.6/debian/patches/bugfix/vfs-use-access-mode-flag.patch
  Tue Jan 15 23:46:19 2008
@@ -0,0 +1,52 @@
+From: Linus Torvalds <[EMAIL PROTECTED]>
+Date: Sat, 12 Jan 2008 22:06:34 +0000 (-0800)
+Subject: Use access mode instead of open flags to determine needed permissions
+X-Git-Url: 
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=974a9f0b47da74e28f68b9c8645c3786aa5ace1a
+
+Use access mode instead of open flags to determine needed permissions
+
+Way back when (in commit 834f2a4a1554dc5b2598038b3fe8703defcbe467, aka
+"VFS: Allow the filesystem to return a full file pointer on open intent"
+to be exact), Trond changed the open logic to keep track of the original
+flags to a file open, in order to pass down the the intent of a dentry
+lookup to the low-level filesystem.
+
+However, when doing that reorganization, it changed the meaning of
+namei_flags, and thus inadvertently changed the test of access mode for
+directories (and RO filesystem) to use the wrong flag.  So fix those
+test back to use access mode ("acc_mode") rather than the open flag
+("flag").
+
+Issue noticed by Bill Roman at Datalight.
+
+Reported-and-tested-by: Bill Roman <[EMAIL PROTECTED]>
+Acked-by: Trond Myklebust <[EMAIL PROTECTED]>
+Acked-by: Al Viro <[EMAIL PROTECTED]>
+Cc: Christoph Hellwig <[EMAIL PROTECTED]>
+Cc: Andrew Morton <[EMAIL PROTECTED]>
+Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <[EMAIL PROTECTED]>
+
+diff -urpN linux-source-2.6.18.orig/fs/namei.c linux-source-2.6.18/fs/namei.c
+--- linux-source-2.6.18.orig/fs/namei.c        2006-09-19 21:42:06.000000000 
-0600
++++ linux-source-2.6.18/fs/namei.c     2008-01-15 16:42:10.000000000 -0700
+@@ -1500,7 +1500,7 @@ int may_open(struct nameidata *nd, int a
+       if (S_ISLNK(inode->i_mode))
+               return -ELOOP;
+       
+-      if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
++      if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
+               return -EISDIR;
+ 
+       error = vfs_permission(nd, acc_mode);
+@@ -1519,7 +1519,7 @@ int may_open(struct nameidata *nd, int a
+                       return -EACCES;
+ 
+               flag &= ~O_TRUNC;
+-      } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
++      } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
+               return -EROFS;
+       /*
+        * An append-only file must be opened in append mode for writing.
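Review bot: with both tests in may_open() switched to acc_mode & MAY_WRITE (the S_ISDIR check returning -EISDIR and the IS_RDONLY check returning -EROFS), neither check looks at flag any more, so they are only as strong as the acc_mode the caller passes in. Because this is a backport to 2.6.18, please confirm that every caller of may_open() in this tree sets MAY_WRITE in acc_mode for each open that implies writing; those call sites are outside the context shown here. It would also help if the "Adjusted to apply to Debian's 2.6.18" line said what was adjusted relative to upstream commit 974a9f0b47da74e28f68b9c8645c3786aa5ace1a (line offsets only, or content), so the backport can be audited against the original.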

Modified: dists/etch-security/linux-2.6/debian/patches/series/17etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/17etch1 (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/17etch1 Tue Jan 15 
23:46:19 2008
@@ -1 +1,2 @@
 + bugfix/i4l-isdn_ioctl-mem-overrun.patch
++ bugfix/vfs-use-access-mode-flag.patch

_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
