Author: waldi
Date: Sun Feb 10 14:26:30 2008
New Revision: 10467

Log:
[SECURITY][vserver] Fix access checks for the links in /proc/$pid.

* debian/changelog: Update.
* debian/patches/bugfix/all/vserver/proc-link-security.patch: Add.
* debian/patches/series/17etch2-extra: Add new patch.


Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/vserver/proc-link-security.patch
   dists/etch-security/linux-2.6/debian/patches/series/17etch2-extra
Modified:
   dists/etch-security/linux-2.6/debian/changelog

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog      (original)
+++ dists/etch-security/linux-2.6/debian/changelog      Sun Feb 10 14:26:30 2008
@@ -3,6 +3,8 @@
   * bugfix/vmsplice-security.patch
     [SECURITY] Fix missing access check in vmsplice.
     See CVE-2008-0009
+  * bugfix/all/vserver/proc-link-security.patch
+    [SECURITY][vserver] Fix access checks for the links in /proc/$pid.
 
  -- Bastian Blank <[EMAIL PROTECTED]>  Sun, 10 Feb 2008 11:45:36 +0100
 
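
Review bot: The new changelog entry for bugfix/all/vserver/proc-link-security.patch carries no tracking reference, unlike the vmsplice entry directly above it, which ends with "See CVE-2008-0009". If an identifier or an upstream Linux-VServer changeset exists for this fix, add a matching "See ..." line so the security update can be traced. It would also help to name may_attach() in kernel/ptrace.c in the entry, since the text only mentions the /proc/$pid links and the patch touches no proc code.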

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/vserver/proc-link-security.patch
==============================================================================
--- (empty file)
+++ 
dists/etch-security/linux-2.6/debian/patches/bugfix/all/vserver/proc-link-security.patch
    Sun Feb 10 14:26:30 2008
@@ -0,0 +1,11 @@
+--- linux-2.6.22/kernel/ptrace.c       2007-07-09 13:20:03 +0200
++++ linux-2.6.22-vs2.2.0-rc5/kernel/ptrace.c   2007-06-15 04:28:02 +0200
+@@ -145,6 +146,8 @@ static int may_attach(struct task_struct
+               dumpable = task->mm->dumpable;
+       if (!dumpable && !capable(CAP_SYS_PTRACE))
+               return -EPERM;
++      if (!vx_check(task->xid, VX_ADMIN|VX_IDENT))
++              return -EPERM;
+ 
+       return security_ptrace(current, task);
+ }
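
Review bot: The embedded hunk header "@@ -145,6 +146,8 @@" shows a one-line offset between the old and new file, which suggests the diff this was taken from had an earlier hunk in kernel/ptrace.c (for example an added #include) that is not carried here. Please confirm that vx_check() and the VX_ADMIN and VX_IDENT flags are already declared in ptrace.c for the vserver flavours, and that a patch whose headers name linux-2.6.22 and linux-2.6.22-vs2.2.0-rc5 applies to this tree without fuzz. The patch file also starts straight at its "---" line: a short description above it, stating that may_attach() gates the /proc/$pid links and that callers failing vx_check() against task->xid now get -EPERM, would document why a ptrace.c change fixes a /proc issue.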

Added: dists/etch-security/linux-2.6/debian/patches/series/17etch2-extra
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/17etch2-extra   Sun Feb 
10 14:26:30 2008
@@ -0,0 +1 @@
++ bugfix/all/vserver/proc-link-security.patch *_vserver *_xen-vserver

_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
