rpms/kernel/F-10 linux-2.6.29-cred-fix-suid-exec-regression.patch, NONE, 1.1 patch-2.6.29-rc3-git11.bz2.sign, NONE, 1.1 .cvsignore, 1.975, 1.976 config-generic, 1.213, 1.214 kernel.spec, 1.1248, 1.1249 sources, 1.937, 1.938 upstream, 1.848, 1.849 linux-2.6.29-btrfs-readdir-fix.patch, 1.1, NONE linux-2.6.29-btrfs-selinux.patch, 1.1, NONE linux-2.6.29-btrfs-setxattr-fix.patch, 1.1, NONE patch-2.6.29-rc3-git9.bz2.sign, 1.1, NONE
Chuck Ebbert
cebbert at fedoraproject.org
Sat Feb 7 16:49:30 UTC 2009
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3684
Modified Files:
.cvsignore config-generic kernel.spec sources upstream
Added Files:
linux-2.6.29-cred-fix-suid-exec-regression.patch
patch-2.6.29-rc3-git11.bz2.sign
Removed Files:
linux-2.6.29-btrfs-readdir-fix.patch
linux-2.6.29-btrfs-selinux.patch
linux-2.6.29-btrfs-setxattr-fix.patch
patch-2.6.29-rc3-git9.bz2.sign
Log Message:
2.6.29-rc3-git11
Add not-yet-merged credentials suid exec fix.
linux-2.6.29-cred-fix-suid-exec-regression.patch:
--- NEW FILE linux-2.6.29-cred-fix-suid-exec-regression.patch ---
From: David Howells <dhowells at redhat.com>
Date: Fri, 6 Feb 2009 11:45:46 +0000 (+0000)
Subject: CRED: Fix SUID exec regression
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fjmorris%2Fsecurity-testing-2.6.git;a=commitdiff_plain;h=0bf2f3aec5474da80a60e1baca629af87ecb67b6
CRED: Fix SUID exec regression
The patch:
commit a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d
CRED: Make execve() take advantage of copy-on-write credentials
moved the place in which the 'safeness' of a SUID/SGID exec was performed to
before de_thread() was called. This means that LSM_UNSAFE_SHARE is now
calculated incorrectly. This flag is set if any of the usage counts for
fs_struct, files_struct and sighand_struct are greater than 1 at the time the
determination is made. All of which are true for threads created by the
pthread library.
However, since we wish to make the security calculation before irrevocably
damaging the process so that we can return it an error code in the case where
we decide we want to reject the exec request on this basis, we have to make the
determination before calling de_thread().
So, instead, we count up the number of threads (CLONE_THREAD) that are sharing
our fs_struct (CLONE_FS), files_struct (CLONE_FILES) and sighand_structs
(CLONE_SIGHAND/CLONE_THREAD) with us. These will be killed by de_thread() and
so can be discounted by check_unsafe_exec().
We do have to be careful because CLONE_THREAD does not imply FS or FILES.
We _assume_ that there will be no extra references to these structs held by the
threads we're going to kill.
This can be tested with the attached pair of programs. Build the two programs
using the Makefile supplied, and run ./test1 as a non-root user. If
successful, you should see something like:
[dhowells@andromeda tmp]$ ./test1
--TEST1--
uid=4043, euid=4043 suid=4043
exec ./test2
--TEST2--
uid=4043, euid=0 suid=0
SUCCESS - Correct effective user ID
and if unsuccessful, something like:
[dhowells@andromeda tmp]$ ./test1
--TEST1--
uid=4043, euid=4043 suid=4043
exec ./test2
--TEST2--
uid=4043, euid=4043 suid=4043
ERROR - Incorrect effective user ID!
The non-root user ID you see will depend on the user you run as.
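[test1.c]
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pthread.h>

/* Spin forever so that a second thread exists when main() calls exec. */
static void *thread_func(void *arg)
{
	while (1) {}
}

int main(int argc, char **argv)
{
	pthread_t tid;
	uid_t uid, euid, suid;
	int err;

	printf("--TEST1--\n");
	getresuid(&uid, &euid, &suid);
	printf("uid=%d, euid=%d suid=%d\n", uid, euid, suid);

	/* pthread_create() returns an error number; it does not set errno. */
	err = pthread_create(&tid, NULL, thread_func, NULL);
	if (err != 0) {
		fprintf(stderr, "pthread_create: %s\n", strerror(err));
		exit(1);
	}

	/* exec the SUID-root helper while the other thread is still running. */
	printf("exec ./test2\n");
	execlp("./test2", "test2", NULL);
	perror("./test2");
	_exit(1);
}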
[test2.c]
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char **argv)
{
	uid_t uid, euid, suid;

	getresuid(&uid, &euid, &suid);
	printf("--TEST2--\n");
	printf("uid=%d, euid=%d suid=%d\n", uid, euid, suid);

	/* The binary is SUID root, so a correct exec yields euid 0. */
	if (euid != 0) {
		fprintf(stderr, "ERROR - Incorrect effective user ID!\n");
		exit(1);
	}
	printf("SUCCESS - Correct effective user ID\n");
	exit(0);
}
[Makefile]
CFLAGS = -D_GNU_SOURCE -Wall -Werror -Wunused

all: test1 test2

test1: test1.c
	gcc $(CFLAGS) -o test1 test1.c -lpthread

test2: test2.c
	gcc $(CFLAGS) -o test2 test2.c
	sudo chown root.root test2
	sudo chmod +s test2
Reported-by: David Smith <dsmith at redhat.com>
Signed-off-by: David Howells <dhowells at redhat.com>
Acked-by: David Smith <dsmith at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
---
diff --git a/fs/compat.c b/fs/compat.c
index 65a070e..d0145ca 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1407,7 +1407,7 @@ int compat_do_execve(char * filename,
bprm->cred = prepare_exec_creds();
if (!bprm->cred)
goto out_unlock;
- check_unsafe_exec(bprm);
+ check_unsafe_exec(bprm, current->files);
file = open_exec(filename);
retval = PTR_ERR(file);
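Review bot: The second argument at the check_unsafe_exec(bprm, current->files) call differs from what do_execve() passes (displaced), and nothing here says why. A one-line comment at each call site stating which files_struct the helper expects, given that it compares every sibling's t->files against it, would make the asymmetry reviewable.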
diff --git a/fs/exec.c b/fs/exec.c
index 0dd60a0..929b580 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1049,16 +1049,32 @@ EXPORT_SYMBOL(install_exec_creds);
* - the caller must hold current->cred_exec_mutex to protect against
* PTRACE_ATTACH
*/
-void check_unsafe_exec(struct linux_binprm *bprm)
+void check_unsafe_exec(struct linux_binprm *bprm, struct files_struct *files)
{
- struct task_struct *p = current;
+ struct task_struct *p = current, *t;
+ unsigned long flags;
+ unsigned n_fs, n_files, n_sighand;
bprm->unsafe = tracehook_unsafe_exec(p);
- if (atomic_read(&p->fs->count) > 1 ||
- atomic_read(&p->files->count) > 1 ||
- atomic_read(&p->sighand->count) > 1)
+ n_fs = 1;
+ n_files = 1;
+ n_sighand = 1;
+ lock_task_sighand(p, &flags);
+ for (t = next_thread(p); t != p; t = next_thread(t)) {
+ if (t->fs == p->fs)
+ n_fs++;
+ if (t->files == files)
+ n_files++;
+ n_sighand++;
+ }
+
+ if (atomic_read(&p->fs->count) > n_fs ||
+ atomic_read(&p->files->count) > n_files ||
+ atomic_read(&p->sighand->count) > n_sighand)
bprm->unsafe |= LSM_UNSAFE_SHARE;
+
+ unlock_task_sighand(p, &flags);
}
/*
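Review bot: In the new comparison block, n_files is counted against the files argument (t->files == files) but then compared with atomic_read(&p->files->count), so whenever a caller passes something other than current->files the thread count and the reference count belong to different structures. Either read the count from the same structure the loop counted against, or document why p->files is the right one. The return value of lock_task_sighand(p, &flags) is also unchecked, and the comment block above the function does not describe the new files parameter or the assumption, stated in the commit message, that the threads about to be killed hold no extra references.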
@@ -1273,7 +1289,7 @@ int do_execve(char * filename,
bprm->cred = prepare_exec_creds();
if (!bprm->cred)
goto out_unlock;
- check_unsafe_exec(bprm);
+ check_unsafe_exec(bprm, displaced);
file = open_exec(filename);
retval = PTR_ERR(file);
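Review bot: At check_unsafe_exec(bprm, displaced), nothing in the visible context shows where displaced is assigned or whether it can be NULL at this point; because the helper compares each sibling's t->files against it, a NULL would most likely match no thread and leave n_files at 1. Please add a comment on the value displaced holds at this call, or handle the NULL case explicitly.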
diff --git a/fs/internal.h b/fs/internal.h
index 53af885..0d8ac49 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -43,7 +43,7 @@ extern void __init chrdev_init(void);
/*
* exec.c
*/
-extern void check_unsafe_exec(struct linux_binprm *);
+extern void check_unsafe_exec(struct linux_binprm *, struct files_struct *);
/*
* namespace.c
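Review bot: The updated prototype leaves both parameters unnamed; naming the second one (struct files_struct *files, as in fs/exec.c) would tell callers which files_struct is meant, which matters here because the two call sites pass different expressions.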
--- NEW FILE patch-2.6.29-rc3-git11.bz2.sign ---
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/.cvsignore,v
retrieving revision 1.975
retrieving revision 1.976
diff -u -r1.975 -r1.976
--- .cvsignore 6 Feb 2009 15:02:35 -0000 1.975
+++ .cvsignore 7 Feb 2009 16:48:57 -0000 1.976
@@ -5,4 +5,4 @@
kernel-2.6.28
linux-2.6.28.tar.bz2
patch-2.6.29-rc3.bz2
-patch-2.6.29-rc3-git9.bz2
+patch-2.6.29-rc3-git11.bz2
Index: config-generic
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/config-generic,v
retrieving revision 1.213
retrieving revision 1.214
diff -u -r1.213 -r1.214
--- config-generic 6 Feb 2009 15:02:35 -0000 1.213
+++ config-generic 7 Feb 2009 16:48:57 -0000 1.214
@@ -3182,6 +3182,7 @@
CONFIG_OCFS2_FS_POSIX_ACL=y
CONFIG_BTRFS_FS=m
+CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_CONFIGFS_FS=m
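Review bot: The added CONFIG_BTRFS_FS_POSIX_ACL=y is not mentioned in the log message ("2.6.29-rc3-git11", "Add not-yet-merged credentials suid exec fix."); add a line for it to the log and to the %changelog entry so the config change can be traced.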
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/kernel.spec,v
retrieving revision 1.1248
retrieving revision 1.1249
diff -u -r1.1248 -r1.1249
--- kernel.spec 7 Feb 2009 05:42:20 -0000 1.1248
+++ kernel.spec 7 Feb 2009 16:48:58 -0000 1.1249
@@ -57,7 +57,7 @@
# The rc snapshot level
%define rcrev 3
# The git snapshot level
-%define gitrev 9
+%define gitrev 11
# Set rpm version accordingly
%define rpmversion 2.6.%{upstream_sublevel}
%endif
@@ -661,16 +661,9 @@
# silence the ACPI blacklist code
Patch2802: linux-2.6-silence-acpi-blacklist.patch
-Patch9001: revert-fix-modules_install-via-nfs.patch
-
-# Hook up proper selinux bits for btrfs
-Patch9003: linux-2.6.29-btrfs-selinux.patch
-
-# Fix setxattr bug in btrfs
-Patch9004: linux-2.6.29-btrfs-setxattr-fix.patch
+Patch3000: linux-2.6.29-cred-fix-suid-exec-regression.patch
-# Fix readdir for 32bit boxes in btrfs
-Patch9005: linux-2.6.29-btrfs-readdir-fix.patch
+Patch9001: revert-fix-modules_install-via-nfs.patch
%endif
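Review bot: Patch3000 is added without the one-line comment its neighbours carry (compare "# silence the ACPI blacklist code"), and the removal of Patch9003 through Patch9005, the three btrfs fixes, is not recorded in the log message or the new %changelog entry. A comment noting that the cred fix is not yet merged, plus a changelog line saying why the btrfs patches are dropped, would help whoever rebases next.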
@@ -1073,9 +1066,6 @@
# xfs
# btrfs
-ApplyPatch linux-2.6.29-btrfs-selinux.patch
-ApplyPatch linux-2.6.29-btrfs-setxattr-fix.patch
-ApplyPatch linux-2.6.29-btrfs-readdir-fix.patch
# USB
@@ -1178,6 +1168,8 @@
# silence the ACPI blacklist code
ApplyPatch linux-2.6-silence-acpi-blacklist.patch
+ApplyPatch linux-2.6.29-cred-fix-suid-exec-regression.patch
+
# revert 8b249b6856f16f09b0e5b79ce5f4d435e439b9d6
ApplyPatch revert-fix-modules_install-via-nfs.patch
@@ -1757,6 +1749,10 @@
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Sat Feb 08 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29-0.19.rc3.git11
+- 2.6.29-rc3-git11
+- Add not-yet-merged credentials suid exec fix.
+
* Fri Feb 06 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29-0.18.rc3.git9
- Revert nouveau to 0.0.11 for now.
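Review bot: The new %changelog header reads "Sat Feb 08 2009", but this commit is dated Sat Feb 7 2009 and 08 February 2009 was a Sunday, so the weekday and the day disagree; change it to "Sat Feb 07 2009".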
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/sources,v
retrieving revision 1.937
retrieving revision 1.938
diff -u -r1.937 -r1.938
--- sources 6 Feb 2009 15:02:35 -0000 1.937
+++ sources 7 Feb 2009 16:48:58 -0000 1.938
@@ -1,3 +1,3 @@
d351e44709c9810b85e29b877f50968a linux-2.6.28.tar.bz2
d95a5be60287e9632c9d0513b59f6511 patch-2.6.29-rc3.bz2
-fbfd3bb0baac8f40e54b1ad53a2b89bd patch-2.6.29-rc3-git9.bz2
+6bd1044f440f906a6cd72ab40c7b41ff patch-2.6.29-rc3-git11.bz2
Index: upstream
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/upstream,v
retrieving revision 1.848
retrieving revision 1.849
diff -u -r1.848 -r1.849
--- upstream 6 Feb 2009 15:02:35 -0000 1.848
+++ upstream 7 Feb 2009 16:48:58 -0000 1.849
@@ -1,3 +1,3 @@
linux-2.6.28.tar.bz2
patch-2.6.29-rc3.bz2
-patch-2.6.29-rc3-git9.bz2
+patch-2.6.29-rc3-git11.bz2
--- linux-2.6.29-btrfs-readdir-fix.patch DELETED ---
--- linux-2.6.29-btrfs-selinux.patch DELETED ---
--- linux-2.6.29-btrfs-setxattr-fix.patch DELETED ---
--- patch-2.6.29-rc3-git9.bz2.sign DELETED ---