Commit 3cf4b478 authored by Dann Frazier's avatar Dann Frazier

save switching to the pdeathsig patch from upstream for a point release

svn path=/dists/etch-security/linux-2.6/; revision=9432
parent 04c9b2ac
linux-2.6 (2.6.18.dfsg.1-13etch2) UNRELEASED; urgency=low
linux-2.6 (2.6.18.dfsg.1-13etch2) stable-security; urgency=high
* bugfix/reset-pdeathsig-on-suid-upstream.patch
Update fix for CVE-2007-3848 with the patch accepted upstream
* bugfix/ipv4-fib_props-out-of-bounds.patch
[SECURITY] Fix a typo which caused fib_props[] to be of the wrong size
and check for out of bounds condition in index provided by userspace
......@@ -23,7 +21,7 @@ linux-2.6 (2.6.18.dfsg.1-13etch2) UNRELEASED; urgency=low
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
-- dann frazier <dannf@debian.org> Wed, 29 Aug 2007 00:29:56 -0600
-- dann frazier <dannf@debian.org> Mon, 27 Aug 2007 23:29:31 -0600
linux-2.6 (2.6.18.dfsg.1-13etch1) stable-security; urgency=high
......
From: Marcel Holtmann <marcel@holtmann.org>
Date: Fri, 17 Aug 2007 19:47:58 +0000 (+0200)
Subject: Reset current->pdeath_signal on SUID binary execution
X-Git-Tag: v2.6.23-rc4~134
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=d2d56c5f51028cb9f3d800882eb6f4cbd3f9099f
Reset current->pdeath_signal on SUID binary execution
This fixes a vulnerability in the "parent process death signal"
implementation discoverd by Wojciech Purczynski of COSEINC PTE Ltd.
and iSEC Security Research.
http://marc.info/?l=bugtraq&m=118711306802632&w=2
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
diff -urpN linux-source-2.6.18.orig/fs/exec.c linux-source-2.6.18/fs/exec.c
--- linux-source-2.6.18.orig/fs/exec.c 2007-08-11 08:55:05.000000000 -0600
+++ linux-source-2.6.18/fs/exec.c 2007-08-29 00:26:45.380758719 -0600
@@ -883,11 +883,13 @@ int flush_old_exec(struct linux_binprm *
*/
current->mm->task_size = TASK_SIZE;
- if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
- file_permission(bprm->file, MAY_READ) ||
- (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
+ if (bprm->e_uid != current->euid || bprm->e_gid != current->egid) {
suid_keys(current);
+ set_dumpable(current->mm, suid_dumpable);
current->pdeath_signal = 0;
+ } else if (file_permission(bprm->file, MAY_READ) ||
+ (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
+ suid_keys(current);
current->mm->dumpable = suid_dumpable;
}
- bugfix/reset-pdeathsig-on-suid.patch
+ bugfix/reset-pdeathsig-on-suid-upstream.patch
+ bugfix/bluetooth-l2cap-hci-info-leaks.patch
+ bugfix/usblcd-limit-memory-consumption.patch
+ bugfix/pppoe-socket-release-mem-leak.patch
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment