[kernel] r9979 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

Maximilian Attems maks at alioth.debian.org
Wed Dec 19 13:04:30 UTC 2007


Author: maks
Date: Wed Dec 19 13:04:30 2007
New Revision: 9979

Log:
VM/Security: add security hook to do_brk (CVE-2007-6434)

patch applies directly, stable at kernel.org fed too.


Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/security-do_brk.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/2

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Wed Dec 19 13:04:30 2007
@@ -84,6 +84,7 @@
     - iwlwifi: fix possible NULL dereference in iwl_set_rate()
   * Add stable release 2.6.23.12:
     - Revert "PNP: increase the maximum number of resources"
+  * VM/Security: add security hook to do_brk (CVE-2007-6434)
 
   [ Martin Michlmayr ]
   * [arm/iop32x] Re-enable USB_NET and PPP, thanks Daniel Hess (closes:
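Review bot: The added changelog line repeats the upstream subject and the CVE number but does not say what the hook protects against. A short clause taken from the upstream commit message, for example that do_brk() could be used to circumvent the mmap_min_addr low memory protection, would let someone reading the changelog judge the impact without opening the patch.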
@@ -95,7 +96,7 @@
     platform.
   * Add em28xx-dv100.patch to add support for Pinnacle Dazzle DVC 100.
 
- -- maximilian attems <maks at debian.org>  Wed, 19 Dec 2007 00:48:46 +0100
+ -- maximilian attems <maks at debian.org>  Wed, 19 Dec 2007 14:01:59 +0100
 
 linux-2.6 (2.6.23-1) unstable; urgency=low
 

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/security-do_brk.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/security-do_brk.patch	Wed Dec 19 13:04:30 2007
@@ -0,0 +1,40 @@
+Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5
+Commit:     ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5
+Parent:     294a80a8ed004b383ab214837e1c05ca4098a717
+Author:     Eric Paris <eparis at redhat.com>
+AuthorDate: Tue Dec 4 23:45:31 2007 -0800
+Committer:  Linus Torvalds <torvalds at woody.linux-foundation.org>
+CommitDate: Wed Dec 5 09:21:21 2007 -0800
+
+    VM/Security: add security hook to do_brk
+    
+    Given a specifically crafted binary do_brk() can be used to get low pages
+    available in userspace virtual memory and can thus be used to circumvent
+    the mmap_min_addr low memory protection.  Add security checks in do_brk().
+    
+    Signed-off-by: Eric Paris <eparis at redhat.com>
+    Acked-by: Alan Cox <alan at redhat.com>
+    Cc: Stephen Smalley <sds at tycho.nsa.gov>
+    Cc: James Morris <jmorris at namei.org>
+    Cc: Chris Wright <chrisw at sous-sol.org>
+    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+ mm/mmap.c |    4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/mm/mmap.c b/mm/mmap.c
+index facc1a7..acfc13f 100644
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -1934,6 +1934,10 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+ 	if (is_hugepage_only_range(mm, addr, len))
+ 		return -EINVAL;
+ 
++	error = security_file_mmap(0, 0, 0, 0, addr, 1);
++	if (error)
++		return error;
++
+ 	flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
+ 
+ 	error = arch_mmap_check(addr, len, flags);
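Review bot: The new call in do_brk(), `security_file_mmap(0, 0, 0, 0, addr, 1)`, passes four literal zeros and a literal 1 with no comment, so a reader of mm/mmap.c cannot tell which arguments are deliberately empty and what the trailing 1 selects. A one-line comment above it stating that this is the mmap_min_addr check the commit message refers to, and that only addr is meaningful here, would make the intent auditable. The check also runs before flags is assigned and before arch_mmap_check(), so it only ever sees addr; if the hook is later expected to consider len or flags, this call site needs revisiting. Since the log says the patch applies directly, it is worth confirming that the hook in the 2.6.23 tree takes the same six arguments as the upstream call.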

Modified: dists/sid/linux-2.6/debian/patches/series/2
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/2	(original)
+++ dists/sid/linux-2.6/debian/patches/series/2	Wed Dec 19 13:04:30 2007
@@ -6,3 +6,4 @@
 + bugfix/all/iwlwifi-null-deref.patch
 + features/all/em28xx-dv100.patch
 + bugfix/all/2.6.23.12
++ bugfix/all/security-do_brk.patch
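Review bot: The series entry is appended after bugfix/all/2.6.23.12, and the commit log says the fix was also sent to stable at kernel.org, yet nothing in the series file or the changelog records that. A note that this patch should be dropped once a stable release carrying it is added would avoid a double application when the next 2.6.23.y patch is imported.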


