[kernel] r15559 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Apr 27 05:38:10 UTC 2010
Author: dannf
Date: Tue Apr 27 05:38:06 2010
New Revision: 15559
Log:
fix LOOKUP_FOLLOW on automount "symlinks" (CVE-2010-1088)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-LOOKUP_FOLLOW-on-automount-symlinks.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/21lenny5
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Tue Apr 27 05:36:50 2010 (r15558)
+++ dists/lenny-security/linux-2.6/debian/changelog Tue Apr 27 05:38:06 2010 (r15559)
@@ -7,6 +7,7 @@
* dvb-core: Fix DoS bug in ULE decapsulation code that can be triggered
by an invalid Payload Pointer (CVE-2010-1086)
* NFS: Fix an Oops when truncating a file (CVE-2010-1087)
+ * fix LOOKUP_FOLLOW on automount "symlinks" (CVE-2010-1088)
[ Ben Hutchings ]
* [x86] KVM: disable paravirt mmu reporting (Closes: #573071) (regressed
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-LOOKUP_FOLLOW-on-automount-symlinks.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-LOOKUP_FOLLOW-on-automount-symlinks.patch Tue Apr 27 05:38:06 2010 (r15559)
@@ -0,0 +1,43 @@
+commit 611b55e2510b310b1314c914a1c3823e80caa0f1
+Author: Al Viro <viro at ZenIV.linux.org.uk>
+Date: Tue Feb 16 18:09:36 2010 +0000
+
+ fix LOOKUP_FOLLOW on automount "symlinks"
+
+ Make sure that automount "symlinks" are followed regardless of LOOKUP_FOLLOW;
+ it should have no effect on them.
+
+ Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff --git a/fs/namei.c b/fs/namei.c
+index 2b50296..a9df272 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -868,6 +868,17 @@ fail:
+ }
+
+ /*
++ * This is a temporary kludge to deal with "automount" symlinks; proper
++ * solution is to trigger them on follow_mount(), so that do_lookup()
++ * would DTRT. To be killed before 2.6.34-final.
++ */
++static inline int follow_on_final(struct inode *inode, unsigned lookup_flags)
++{
++ return inode && unlikely(inode->i_op->follow_link) &&
++ ((lookup_flags & LOOKUP_FOLLOW) || S_ISDIR(inode->i_mode));
++}
++
++/*
+ * Name resolution.
+ * This is the basic name resolution function, turning a pathname into
+ * the final dentry. We expect 'base' to be positive and a directory.
+@@ -1011,8 +1022,7 @@ last_component:
+ if (err)
+ break;
+ inode = next.dentry->d_inode;
+- if ((lookup_flags & LOOKUP_FOLLOW)
+- && inode && inode->i_op && inode->i_op->follow_link) {
++ if (follow_on_final(inode, lookup_flags)) {
+ err = do_follow_link(&next, nd);
+ if (err)
+ goto return_err;
Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny5
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny5 Tue Apr 27 05:36:50 2010 (r15558)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny5 Tue Apr 27 05:38:06 2010 (r15559)
@@ -7,3 +7,4 @@
+ bugfix/all/bluetooth-fix-potential-bad-memory-access-with-sysfs-files.patch
+ bugfix/all/dvb-core-fix-dos-in-ule-decapsulation.patch
+ bugfix/all/nfs-fix-an-oops-when-truncating-a-file.patch
++ bugfix/all/fix-LOOKUP_FOLLOW-on-automount-symlinks.patch
More information about the Kernel-svn-changes
mailing list