Commit 13a3838b authored by Dann Frazier's avatar Dann Frazier

* bugfix/reset-pdeathsig-on-suid.patch

  [SECURITY] Fix potential privilege escalation caused by improper
  clearing of the child process' pdeath signal.
  Thanks to Marcel Holtmann for the patch.
  See CVE-2007-3848

svn path=/dists/etch-security/linux-2.6/; revision=9306
parent f8474cd2
......@@ -31,8 +31,13 @@ linux-2.6 (2.6.18.dfsg.1-13etch1) stable-security; urgency=high
* bugfix/i965-secure-batchbuffer.patch
[SECURITY] Fix i965 secured batchbuffer usage
See CVE-2007-3851
* bugfix/reset-pdeathsig-on-suid.patch
[SECURITY] Fix potential privilege escalation caused by improper
clearing of the child process' pdeath signal.
Thanks to Marcel Holtmann for the patch.
See CVE-2007-3848
-- dann frazier <dannf@debian.org> Fri, 10 Aug 2007 19:22:14 -0600
-- dann frazier <dannf@debian.org> Sat, 11 Aug 2007 08:46:25 -0600
linux-2.6 (2.6.18.dfsg.1-13) stable; urgency=high
......
--- linux-source-2.6.18/fs/exec.c.orig 2006-09-19 21:42:06.000000000 -0600
+++ linux-source-2.6.18/fs/exec.c 2007-08-10 19:44:43.000000000 -0600
@@ -887,6 +887,7 @@
file_permission(bprm->file, MAY_READ) ||
(bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
suid_keys(current);
+ current->pdeath_signal = 0;
current->mm->dumpable = suid_dumpable;
}
@@ -977,8 +978,10 @@
{
int unsafe;
- if (bprm->e_uid != current->uid)
+ if (bprm->e_uid != current->uid) {
suid_keys(current);
+ current->pdeath_signal = 0;
+ }
exec_keys(current);
task_lock(current);
......@@ -7,3 +7,4 @@
+ bugfix/random-fix-error-in-entropy-extraction.patch
+ bugfix/nf_conntrack_sctp-null-deref.patch
+ bugfix/i965-secure-batchbuffer.patch
+ bugfix/reset-pdeathsig-on-suid.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment