Author: des
Date: Tue Jun 18 07:04:19 2013
New Revision: 251902
URL: http://svnweb.freebsd.org/changeset/base/251902
Log:
Fix a bug that allowed a tracing process (e.g. gdb) to write
to a memory-mapped file in the traced process's address space
even if neither the traced process nor the tracing process had
write access to that file.
Security: CVE-2013-2171
Security: FreeBSD-SA-13:06.mmap
Approved by: so
Modified:
stable/9/UPDATING
stable/9/sys/vm/vm_map.c
Modified: stable/9/UPDATING
==============================================================================
--- stable/9/UPDATING Tue Jun 18 07:02:35 2013 (r251901)
+++ stable/9/UPDATING Tue Jun 18 07:04:19 2013 (r251902)
@@ -11,6 +11,12 @@ handbook:
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20130618:
+ Fix a bug that allowed a tracing process (e.g. gdb) to write
+ to a memory-mapped file in the traced process's address space
+ even if neither the traced process nor the tracing process had
+ write access to that file.
+
20130605:
Added ZFS TRIM support which is enabled by default. To disable
ZFS TRIM support set vfs.zfs.trim.enabled=0 in loader.conf.
Modified: stable/9/sys/vm/vm_map.c
==============================================================================
--- stable/9/sys/vm/vm_map.c Tue Jun 18 07:02:35 2013 (r251901)
+++ stable/9/sys/vm/vm_map.c Tue Jun 18 07:04:19 2013 (r251902)
@@ -3799,6 +3799,12 @@ RetryLookup:;
vm_map_unlock_read(map);
return (KERN_PROTECTION_FAILURE);
}
+ if ((fault_typea & VM_PROT_COPY) != 0 &&
+ (entry->max_protection & VM_PROT_WRITE) == 0 &&
+ (entry->eflags & MAP_ENTRY_COW) == 0) {
+ vm_map_unlock_read(map);
+ return (KERN_PROTECTION_FAILURE);
+ }
/*
* If this page is not pageable, we have to get it for all possible
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
