[kernel] r9306 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Wed Aug 15 16:12:33 UTC 2007


Author: dannf
Date: Wed Aug 15 16:12:32 2007
New Revision: 9306

Log:
* bugfix/reset-pdeathsig-on-suid.patch
  [SECURITY] Fix potential privilege escalation caused by improper
  clearing of the child process' pdeath signal.
  Thanks to Marcel Holtmann for the patch.
  See CVE-2007-3848

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/13etch1

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Wed Aug 15 16:12:32 2007
@@ -31,8 +31,13 @@
   * bugfix/i965-secure-batchbuffer.patch
     [SECURITY] Fix i965 secured batchbuffer usage
     See CVE-2007-3851
+  * bugfix/reset-pdeathsig-on-suid.patch
+    [SECURITY] Fix potential privilege escalation caused by improper
+    clearing of the child process' pdeath signal.
+    Thanks to Marcel Holtmann for the patch.
+    See CVE-2007-3848
 
- -- dann frazier <dannf at debian.org>  Fri, 10 Aug 2007 19:22:14 -0600
+ -- dann frazier <dannf at debian.org>  Sat, 11 Aug 2007 08:46:25 -0600
 
 linux-2.6 (2.6.18.dfsg.1-13) stable; urgency=high
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/reset-pdeathsig-on-suid.patch	Wed Aug 15 16:12:32 2007
@@ -0,0 +1,22 @@
+--- linux-source-2.6.18/fs/exec.c.orig	2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/fs/exec.c	2007-08-10 19:44:43.000000000 -0600
+@@ -887,6 +887,7 @@
+ 	    file_permission(bprm->file, MAY_READ) ||
+ 	    (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
+ 		suid_keys(current);
++		current->pdeath_signal = 0;
+ 		current->mm->dumpable = suid_dumpable;
+ 	}
+ 
+@@ -977,8 +978,10 @@
+ {
+ 	int unsafe;
+ 
+-	if (bprm->e_uid != current->uid)
++	if (bprm->e_uid != current->uid) {
+ 		suid_keys(current);
++		current->pdeath_signal = 0;
++	}
+ 	exec_keys(current);
+ 
+ 	task_lock(current);
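Review bot: In the second fs/exec.c hunk (`@@ -977,8 +978,10 @@`) the reset is gated only on `bprm->e_uid != current->uid`, so an exec that changes only the group ID does not clear `pdeath_signal` at this site. The condition guarding the first hunk begins above the visible context, so it cannot be confirmed from these lines that the gid case is handled there; please verify that, or extend the test here to cover the gid as well. Separately, the patch file starts directly at the `--- linux-source-2.6.18/fs/exec.c.orig` line with no description: the CVE-2007-3848 reference and the credit to Marcel Holtmann appear only in debian/changelog, so a short header carrying both, plus the upstream origin of the change, would keep the patch self-describing.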

Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch1	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch1	Wed Aug 15 16:12:32 2007
@@ -7,3 +7,4 @@
 + bugfix/random-fix-error-in-entropy-extraction.patch
 + bugfix/nf_conntrack_sctp-null-deref.patch
 + bugfix/i965-secure-batchbuffer.patch
++ bugfix/reset-pdeathsig-on-suid.patch


