author | Guillaume Destuynder <kang@gentoo.org> | 2004-12-08 19:53:28 +0000 |
---|---|---|
committer | Guillaume Destuynder <kang@gentoo.org> | 2004-12-08 19:53:28 +0000 |
commit | e69a350f60e2f55e9a2f6ca253c96b19a6627bfa (patch) | |
tree | 581f31070f7a9cd23485fa4837c74064f2ae76f5 /sys-kernel | |
parent | remove libtool DEPEND to break circular dependencies (Manifest recommit) (diff) | |
Security fix bug #72452: Linux Kernel Local DoS and Memory Content Disclosure Vulnerabilities | PaX upgrade
Diffstat (limited to 'sys-kernel')
-rw-r--r-- | sys-kernel/rsbac-dev-sources/ChangeLog | 11 | ||||
-rw-r--r-- | sys-kernel/rsbac-dev-sources/Manifest | 5 | ||||
-rw-r--r-- | sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r10 (renamed from sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r9) | 2 | ||||
-rw-r--r-- | sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-dos_mem_disc1.patch | 61 | ||||
-rw-r--r-- | sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-dos_mem_disc2.patch | 191 | ||||
-rw-r--r-- | sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r10.ebuild (renamed from sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r9.ebuild) | 9 |
6 files changed, 272 insertions, 7 deletions
diff --git a/sys-kernel/rsbac-dev-sources/ChangeLog b/sys-kernel/rsbac-dev-sources/ChangeLog index ab1944fb2526..68a74c0f9757 100644 --- a/sys-kernel/rsbac-dev-sources/ChangeLog +++ b/sys-kernel/rsbac-dev-sources/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for sys-kernel/rsbac-dev-sources # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/ChangeLog,v 1.15 2004/12/02 18:56:58 kang Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/ChangeLog,v 1.16 2004/12/08 19:53:28 kang Exp $ + +*rsbac-dev-sources-2.6.7-r10 (08 Dec 2004) + + 08 Dec 2004; Guillaume Destuynder <kang@gentoo.org> + +files/rsbac-dev-sources-2.6.7-dos_mem_disc1.patch, + +files/rsbac-dev-sources-2.6.7-dos_mem_disc2.patch, + +rsbac-dev-sources-2.6.7-r10.ebuild, -rsbac-dev-sources-2.6.7-r9.ebuild: + Security fix bug #72452: Linux Kernel Local DoS and Memory Content + Disclosure Vulnerabilities ; and PaX upgrade *rsbac-dev-sources-2.6.7-r9 (02 Dec 2004) diff --git a/sys-kernel/rsbac-dev-sources/Manifest b/sys-kernel/rsbac-dev-sources/Manifest index ee2c472306dd..caeb76a752af 100644 --- a/sys-kernel/rsbac-dev-sources/Manifest +++ b/sys-kernel/rsbac-dev-sources/Manifest @@ -1,6 +1,6 @@ MD5 ed6fb50f79e8049f3f3576bb25c32747 metadata.xml 465 -MD5 b03a45c3009ca8ec56dba83fa6afc8da rsbac-dev-sources-2.6.7-r9.ebuild 1796 MD5 17c7be9091418932d25a5d94b4259eb8 ChangeLog 4019 +MD5 9d7781d40db9a34d8a412a02409e85d9 rsbac-dev-sources-2.6.7-r10.ebuild 1885 MD5 706d7794a822074aaf31502d7a7e48d3 files/2.6.7-cmdline.patch 455 MD5 b6e38b41c8a79943df2ab2642149d06f files/rsbac-dev-sources-CAN-2004-0497.patch 2214 MD5 f0e12ba218f53c2694a91259bdc2fdc7 files/rsbac-dev-sources-CAN-2004-0596.patch 494 
@@ -15,3 +15,6 @@ MD5 accdbfc81ddc59d568ed845b5972f10a files/rsbac-dev-sources-2.6.7-70681-binfmt. MD5 7872d0af6e27fb6007833b113097bb34 files/rsbac-dev-sources-2.6.7-CAN-2004-0883.patch 3357 MD5 530630d25910e6bd9376b63ea099655f files/rsbac-dev-sources-2.6.7-AF_UNIX.patch 469 MD5 fd024d5229ee08ef90d6a532bdf99977 files/digest-rsbac-dev-sources-2.6.7-r9 281 +MD5 ee9c2340e890a15d199f98f98e027466 files/digest-rsbac-dev-sources-2.6.7-r10 281 +MD5 91dd923056c1af13054cb00fb0a8daa3 files/rsbac-dev-sources-2.6.7-dos_mem_disc1.patch 1578 +MD5 4c0855099b2f8bd4b6e06b4903d5ba74 files/rsbac-dev-sources-2.6.7-dos_mem_disc2.patch 7578 diff --git a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r9 b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r10 index 354ef30ca678..19b8dd9a9c31 100644 --- a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r9 +++ b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r10 @@ -1,4 +1,4 @@ MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228 MD5 f3759250e9c4bb5ccb773174fafe0ba7 rsbac-v1.2.3.tar.bz2 489127 -MD5 60fb38c61d8d8cc913d81ab93ff74972 rsbac-patches-2.6-7.1.tar.bz2 107363 +MD5 6a59fc81ca1786d6ed3185ecc98854de rsbac-patches-2.6-7.2.tar.bz2 109155 MD5 52996b643afbd6ed9ba38b9483c2cac3 linux-2.6.7-CAN-2004-0415.patch 112612 diff --git a/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-dos_mem_disc1.patch b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-dos_mem_disc1.patch new file mode 100644 index 000000000000..162eb7bbe6f1 --- /dev/null +++ b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-dos_mem_disc1.patch 
@@ -0,0 +1,61 @@ +--- 1.143/fs/exec.c 2004-10-28 00:40:03 -07:00 ++++ edited/fs/exec.c 2004-11-11 19:24:54 -08:00 +@@ -413,6 +413,7 @@ + + down_write(&mm->mmap_sem); + { ++ struct vm_area_struct *vma; + mpnt->vm_mm = mm; + #ifdef CONFIG_STACK_GROWSUP + mpnt->vm_start = stack_base; +@@ -433,6 +434,12 @@ + mpnt->vm_flags = VM_STACK_FLAGS; + mpnt->vm_flags |= mm->def_flags; + mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; ++ vma = find_vma(mm, mpnt->vm_start); ++ if (vma) { ++ up_write(&mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return -ENOMEM; ++ } + insert_vm_struct(mm, mpnt); + mm->stack_vm = mm->total_vm = vma_pages(mpnt); + } +--- 1.25/fs/binfmt_aout.c 2004-10-18 22:26:36 -07:00 ++++ edited/fs/binfmt_aout.c 2004-11-11 22:28:58 -08:00 +@@ -43,13 +43,18 @@ + .min_coredump = PAGE_SIZE + }; + +-static void set_brk(unsigned long start, unsigned long end) ++#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) ++ ++static int set_brk(unsigned long start, unsigned long end) + { + start = PAGE_ALIGN(start); + end = PAGE_ALIGN(end); +- if (end <= start) +- return; +- do_brk(start, end - start); ++ if (end > start) { ++ unsigned long addr = do_brk(start, end - start); ++ if (BAD_ADDR(addr)) ++ return addr; ++ } ++ return 0; + } + + /* +@@ -413,7 +418,11 @@ + beyond_if: + set_binfmt(&aout_format); + +- set_brk(current->mm->start_brk, current->mm->brk); ++ retval = set_brk(current->mm->start_brk, current->mm->brk); ++ if (retval < 0) { ++ send_sig(SIGKILL, current, 0); ++ return retval; ++ } + + retval = setup_arg_pages(bprm, EXSTACK_DEFAULT); + if (retval < 0) { diff --git a/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-dos_mem_disc2.patch b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-dos_mem_disc2.patch new file mode 100644 index 000000000000..c700a9c71832 --- /dev/null +++ b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-dos_mem_disc2.patch 
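Review bot: The test added to fs/exec.c, `vma = find_vma(mm, mpnt->vm_start); if (vma) {`, is broader than an overlap check, because find_vma() returns the first area whose end lies above the address. Any mapping above the new stack start therefore makes exec fail with -ENOMEM, even one that does not intersect the stack range. That fails closed, which is the safe direction for this fix, but the precise condition would be `if (vma && vma->vm_start < mpnt->vm_end) {`. In the binfmt_aout.c part, set_brk() now passes the `unsigned long` from do_brk() back through an `int`; a one-line comment stating that it returns 0 or a negative errno would make the caller's `retval < 0` test easier to verify. Both functions continue outside the context shown in the embedded patch.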
@@ -0,0 +1,191 @@ +diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/ia64/ia32/binfmt_elf32.c linux-dsd/arch/ia64/ia32/binfmt_elf32.c +--- linux-2.6.7-gentoo-r19/arch/ia64/ia32/binfmt_elf32.c 2004-12-02 23:32:15.424906248 +0000 ++++ linux-dsd/arch/ia64/ia32/binfmt_elf32.c 2004-12-02 23:35:26.813810712 +0000 +@@ -82,7 +82,11 @@ ia64_elf32_init (struct pt_regs *regs) + vma->vm_ops = &ia32_shared_page_vm_ops; + down_write(¤t->mm->mmap_sem); + { +- insert_vm_struct(current->mm, vma); ++ if (insert_vm_struct(current->mm, vma)) { ++ kmem_cache_free(vm_area_cachep, vma); ++ up_write(¤t->mm->mmap_sem); ++ return; ++ } + } + up_write(¤t->mm->mmap_sem); + } +@@ -101,7 +105,11 @@ ia64_elf32_init (struct pt_regs *regs) + vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE; + down_write(¤t->mm->mmap_sem); + { +- insert_vm_struct(current->mm, vma); ++ if (insert_vm_struct(current->mm, vma)) { ++ kmem_cache_free(vm_area_cachep, vma); ++ up_write(¤t->mm->mmap_sem); ++ return; ++ } + } + up_write(¤t->mm->mmap_sem); + } +@@ -149,7 +157,7 @@ ia32_setup_arg_pages (struct linux_binpr + unsigned long stack_base; + struct vm_area_struct *mpnt; + struct mm_struct *mm = current->mm; +- int i; ++ int i, ret; + + stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + mm->arg_start = bprm->p + stack_base; +@@ -182,8 +190,12 @@ ia32_setup_arg_pages (struct linux_binpr + else + mpnt->vm_flags = VM_STACK_FLAGS; + mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC)? 
+- PAGE_COPY_EXEC: PAGE_COPY; +- insert_vm_struct(current->mm, mpnt); ++ PAGE_COPY_EXEC: PAGE_COPY; ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/ia64/mm/init.c linux-dsd/arch/ia64/mm/init.c +--- linux-2.6.7-gentoo-r19/arch/ia64/mm/init.c 2004-12-02 23:32:15.425906096 +0000 ++++ linux-dsd/arch/ia64/mm/init.c 2004-12-02 23:36:46.937630040 +0000 +@@ -129,7 +129,13 @@ ia64_init_addr_space (void) + vma->vm_end = vma->vm_start + PAGE_SIZE; + vma->vm_page_prot = protection_map[VM_DATA_DEFAULT_FLAGS & 0x7]; + vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE|VM_GROWSUP; +- insert_vm_struct(current->mm, vma); ++ down_write(¤t->mm->mmap_sem); ++ if (insert_vm_struct(current->mm, vma)) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return; ++ } ++ up_write(¤t->mm->mmap_sem); + } + + /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ +@@ -141,7 +147,13 @@ ia64_init_addr_space (void) + vma->vm_end = PAGE_SIZE; + vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); + vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; +- insert_vm_struct(current->mm, vma); ++ down_write(¤t->mm->mmap_sem); ++ if (insert_vm_struct(current->mm, vma)) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return; ++ } ++ up_write(¤t->mm->mmap_sem); + } + } + } +diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/s390/kernel/compat_exec.c linux-dsd/arch/s390/kernel/compat_exec.c +--- linux-2.6.7-gentoo-r19/arch/s390/kernel/compat_exec.c 2004-12-02 23:32:15.426905944 +0000 ++++ linux-dsd/arch/s390/kernel/compat_exec.c 2004-12-02 23:39:18.846536376 +0000 +@@ -39,7 +39,7 @@ int setup_arg_pages32(struct linux_binpr + unsigned long stack_base; + 
struct vm_area_struct *mpnt; + struct mm_struct *mm = current->mm; +- int i; ++ int i, ret; + + stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + mm->arg_start = bprm->p + stack_base; +@@ -68,7 +68,11 @@ int setup_arg_pages32(struct linux_binpr + /* executable stack setting would be applied here */ + mpnt->vm_page_prot = PAGE_COPY; + mpnt->vm_flags = VM_STACK_FLAGS; +- insert_vm_struct(mm, mpnt); ++ if ((ret = insert_vm_struct(mm, mpnt))) { ++ up_write(&mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/x86_64/ia32/ia32_binfmt.c linux-dsd/arch/x86_64/ia32/ia32_binfmt.c +--- linux-2.6.7-gentoo-r19/arch/x86_64/ia32/ia32_binfmt.c 2004-12-02 23:32:15.427905792 +0000 ++++ linux-dsd/arch/x86_64/ia32/ia32_binfmt.c 2004-12-02 23:41:30.438531352 +0000 +@@ -330,7 +330,7 @@ int setup_arg_pages(struct linux_binprm + unsigned long stack_base; + struct vm_area_struct *mpnt; + struct mm_struct *mm = current->mm; +- int i; ++ int i, ret; + + stack_base = IA32_STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE; + mm->arg_start = bprm->p + stack_base; +@@ -364,7 +364,11 @@ int setup_arg_pages(struct linux_binprm + mpnt->vm_flags = vm_stack_flags32; + mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ? 
+ PAGE_COPY_EXEC : PAGE_COPY; +- insert_vm_struct(mm, mpnt); ++ if ((ret = insert_vm_struct(mm, mpnt))) { ++ up_write(&mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/fs/exec.c linux-dsd/fs/exec.c +--- linux-2.6.7-gentoo-r19/fs/exec.c 2004-12-02 23:32:15.428905640 +0000 ++++ linux-dsd/fs/exec.c 2004-12-02 23:33:06.941074600 +0000 +@@ -342,7 +342,7 @@ int setup_arg_pages(struct linux_binprm + unsigned long stack_base; + struct vm_area_struct *mpnt; + struct mm_struct *mm = current->mm; +- int i; ++ int i, ret; + long arg_size; + + #ifdef CONFIG_STACK_GROWSUP +@@ -413,7 +413,6 @@ int setup_arg_pages(struct linux_binprm + + down_write(&mm->mmap_sem); + { +- struct vm_area_struct *vma; + mpnt->vm_mm = mm; + #ifdef CONFIG_STACK_GROWSUP + mpnt->vm_start = stack_base; +diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/include/linux/mm.h linux-dsd/include/linux/mm.h +--- linux-2.6.7-gentoo-r19/include/linux/mm.h 2004-12-02 23:32:15.430905336 +0000 ++++ linux-dsd/include/linux/mm.h 2004-12-02 23:33:06.942074448 +0000 +@@ -623,7 +623,7 @@ extern struct vm_area_struct *vma_merge( + extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *); + extern int split_vma(struct mm_struct *, + struct vm_area_struct *, unsigned long addr, int new_below); +-extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); ++extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); + extern void __vma_link_rb(struct mm_struct *, struct vm_area_struct *, + struct rb_node **, struct rb_node *); + extern struct vm_area_struct *copy_vma(struct vm_area_struct **, +diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/mm/mmap.c linux-dsd/mm/mmap.c +--- linux-2.6.7-gentoo-r19/mm/mmap.c 2004-12-02 23:32:15.432905032 +0000 ++++ linux-dsd/mm/mmap.c 2004-12-02 23:33:06.944074144 +0000 +@@ -1722,7 
+1722,7 @@ void exit_mmap(struct mm_struct *mm) + * and into the inode's i_mmap tree. If vm_file is non-NULL + * then i_mmap_lock is taken here. + */ +-void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) ++int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) + { + struct vm_area_struct * __vma, * prev; + struct rb_node ** rb_link, * rb_parent; +@@ -1745,8 +1745,9 @@ void insert_vm_struct(struct mm_struct * + } + __vma = find_vma_prepare(mm,vma->vm_start,&prev,&rb_link,&rb_parent); + if (__vma && __vma->vm_start < vma->vm_end) +- BUG(); ++ return -ENOMEM; + vma_link(mm, vma, prev, rb_link, rb_parent); ++ return 0; + } + + /* diff --git a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r9.ebuild b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r10.ebuild index 21f0577cd80f..9fe71cfb6ecd 100644 --- a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r9.ebuild +++ b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r10.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r9.ebuild,v 1.1 2004/12/02 18:56:58 kang Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r10.ebuild,v 1.1 2004/12/08 19:53:28 kang Exp $ IUSE="" ETYPE="sources" @@ -13,8 +13,8 @@ RSBAC_SRC="http://rsbac.org/download/code/v${RSBACV}/rsbac-v${RSBACV}.tar.bz2" CAN_SRC="http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.6.7-CAN-2004-0415.patch" # rsbac kernel patches -RGPV=7.1 -RGPV_SRC="mirror://rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2" +RGPV=7.2 +RGPV_SRC="http://dev.gentoo.org/~kang/rsbac/patches/1.2.3/2.6/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2" UNIPATCH_STRICTORDER="yes" UNIPATCH_LIST="${FILESDIR}/${PN}-iptables-dos.patch 
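Review bot: The fs/exec.c section of dos_mem_disc2.patch removes `struct vm_area_struct *vma;` and adds `ret`, but has no hunk replacing the `vma = find_vma(mm, mpnt->vm_start);` block that dos_mem_disc1.patch adds. As shown, setup_arg_pages() would still use `vma` after its declaration is gone, and `ret` would stay unused. Unless another patch in the series supplies it, the section needs a third hunk that turns the check into `ret = insert_vm_struct(mm, mpnt);` / `if (ret) {` … `return ret;` and drops the separate insert_vm_struct() call. Separately, mm/mmap.c now returns `-ENOMEM` where it used to `BUG()`, so every caller has to check the result; only the callers patched here are visible, and the two ia64 void functions just `return;` without reporting the failure. setup_arg_pages() is only partly visible in these hunks.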
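Review bot: `RGPV_SRC` moves from `mirror://` to `http://dev.gentoo.org/~kang/rsbac/patches/...`, so the kernel patch tarball is now fetched over plain HTTP from a personal developer directory. The only integrity check visible on this page is the MD5 line for `rsbac-patches-2.6-7.2.tar.bz2` in the digest file, so that single entry carries the whole trust decision for code patched into the kernel tree. A comment above the assignment saying why the tarball is not on the mirrors, and that the digest entry was generated from a locally verified copy, would document that for the next maintainer.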
@@ -28,7 +28,8 @@ UNIPATCH_LIST="${FILESDIR}/${PN}-iptables-dos.patch ${DISTDIR}/linux-2.6.7-CAN-2004-0415.patch ${DISTDIR}/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2 ${FILESDIR}/${PN}-v1.2.3-3.patch - ${FILESDIR}/rsbac-bugfix-v1.2.3-*.diff" + ${FILESDIR}/rsbac-bugfix-v1.2.3-*.diff + ${FILESDIR}/${PN}-${OKV}-dos_mem_disc*.patch" UNIPATCH_DOCS="${WORKDIR}/patches/rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}/0000_README" HOMEPAGE="http://hardened.gentoo.org/rsbac/" |
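Review bot: The new `${FILESDIR}/${PN}-${OKV}-dos_mem_disc*.patch` entry leaves the apply order of the two security patches to glob expansion, even though `UNIPATCH_STRICTORDER="yes"` is set and the order matters. dos_mem_disc2.patch removes the `vma` declaration in fs/exec.c that dos_mem_disc1.patch adds, so it only applies cleanly after it. Listing both files by name, `${FILESDIR}/${PN}-${OKV}-dos_mem_disc1.patch` followed by `${FILESDIR}/${PN}-${OKV}-dos_mem_disc2.patch`, makes that dependency explicit. It also keeps any later file matching the glob from being applied without an ebuild change.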