rpms/kernel/F-12 ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch, NONE, 1.1 kernel.spec, 1.2109, 1.2110

Chuck Ebbert cebbert at fedoraproject.org
Fri Jul 23 18:10:51 UTC 2010 

Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv16479

Modified Files:
	kernel.spec 
Added Files:
	ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch 
Log Message:
ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch
  (CVE-2010-2066)

ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch:
 move_extent.c |    3 +++
 1 file changed, 3 insertions(+)

--- NEW FILE ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch ---
>From 1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso at mit.edu>
Date: Wed, 2 Jun 2010 22:04:39 -0400
Subject: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files

From: Theodore Ts'o <tytso at mit.edu>

commit 1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72 upstream.

Dan Roseberg has reported a problem with the MOVE_EXT ioctl.  If the
donor file is an append-only file, we should not allow the operation
to proceed, lest we end up overwriting the contents of an append-only
file.

Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
Cc: Dan Rosenberg <dan.j.rosenberg at gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

---
 fs/ext4/move_extent.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/ext4/move_extent.c
+++ b/fs/ext4/move_extent.c
@@ -959,6 +959,9 @@ mext_check_arguments(struct inode *orig_
 		return -EINVAL;
 	}
 
+	if (IS_IMMUTABLE(donor_inode) || IS_APPEND(donor_inode))
+		return -EPERM;
+
 	/* Ext4 move extent does not support swapfile */
 	if (IS_SWAPFILE(orig_inode) || IS_SWAPFILE(donor_inode)) {
 		ext4_debug("ext4 move extent: The argument files should "


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-12/kernel.spec,v
retrieving revision 1.2109
retrieving revision 1.2110
diff -u -p -r1.2109 -r1.2110
--- kernel.spec	22 Jul 2010 21:44:42 -0000	1.2109
+++ kernel.spec	23 Jul 2010 18:10:50 -0000	1.2110
@@ -848,6 +848,7 @@ Patch14040: crypto-testmgr-add-null-test
 Patch14050: crypto-add-async-hash-testing.patch
 
 Patch14100: cifs-fix-malicious-redirect-problem-in-the-dns-lookup-code.patch
+Patch14110: ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch
 
 # ==============================================================================
 %endif
@@ -1556,6 +1557,8 @@ ApplyPatch crypto-add-async-hash-testing
 
 # CVE-2010-2524
 ApplyPatch cifs-fix-malicious-redirect-problem-in-the-dns-lookup-code.patch
+# CVE-2010-2066
+ApplyPatch ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch
 
 # END OF PATCH APPLICATIONS ====================================================
 %endif
@@ -2206,6 +2209,10 @@ fi
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 
 %changelog
+* Fri Jul 23 2010 Chuck Ebbert <cebbert at redhat.com>  2.6.32.16-148
+- ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch
+  (CVE-2010-2066)
+
 * Thu Jul 22 2010 Chuck Ebbert <cebbert at redhat.com>  2.6.32.16-147
 - cifs-fix-malicious-redirect-problem-in-the-dns-lookup-code.patch:
   Fix a malicious redirect problem in the DNS lookup code (CVE-2010-2524)

More information about the scm-commits mailing list