[rlug] linux-2.4.24 released (fwd)

Mihai RUSU Mon, 05 Jan 2004 07:09:05 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Salut


Este bug imporant de local root compromise (cred) in mremap.c, treceti 
repede la 2.4.24 (cei care urmaresc lkml cred ca s-au amuzat de viteza cu 
care 2.4.24-rc1 a devenit 2.4.24 lol).

Patchul de care zic eu ar fi:
- --- linux-2.4.23/mm/mremap.c    2003-08-25 11:44:44.000000000 +0000
+++ linux-2.4.24-rc1/mm/mremap.c        2004-01-04 20:52:19.000000000 
+0000
@@ -241,6 +241,13 @@
 
                if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
                        goto out;
+               /*
+                * Allow new_len == 0 only if new_addr == addr
+                * to preserve truncation in place (that was working
+                * safe and some app may depend on it).
+                */
+               if (unlikely(!new_len && new_addr != addr))
+                       goto out;
 
                /* Check if the location we're moving into overlaps the
                 * old location at all, and fail if it does.

PS: :((( si eu care tocmai bootasem 2.4.24-rc1 lol!

- -- 
Mihai RUSU                                    Email: [EMAIL PROTECTED]
GPG : http://dizzy.roedu.net/dizzy-gpg.txt    WWW: http://dizzy.roedu.net
                       "Linux is obsolete" -- AST

- ---------- Forwarded message ----------
Date: Mon, 5 Jan 2004 05:55:57 -0800
From: Marcelo Tosatti <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: linux-2.4.24 released

final:

- - 2.4.24-rc1 was released as 2.4.24 with no changes.


Summary of changes from v2.4.23 to v2.4.24-rc1
============================================

<bjorn.helgaas:hp.com>:
  o Fix 2.4 EFI RTC oops

<marcelo.tosatti:cyclades.com>:
  o Andrea Arcangeli: malicious users of mremap() syscall can gain priviledges

<marcelo:logos.cnet>:
  o Harald Welte: Fix ipchains MASQUERADE oops
  o Change EXTRAVERSION to 2.4.24-rc1

<trini:mvista.com>:
  o /dev/rtc can leak parts of kernel memory to unpriviledged users

Jean Tourrilhes:
  o IrDA kernel log buster

- -
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/+W9dPZzOzrZY/1QRAjexAKChTe/6MwiRWH/h3nWx5cx4SAP8IwCeJfZz
O16g6j7Ip4qstCZ5cPVc6DA=
=X/5G
-----END PGP SIGNATURE-----

--- 
Detalii despre listele noastre de mail: http://www.lug.ro/

[rlug] linux-2.4.24 released (fwd)

Raspunde prin e-mail lui