wok-current rev 15676

linux: add CVE-2013-2929 fix (again)
author Pascal Bellard <pascal.bellard@slitaz.org>
date Thu Dec 19 11:33:46 2013 +0000 (2013-12-19)
parents e012a20e6db4
children b1e8582f0aaa
files linux/stuff/linux-CVE-2013-2929.u
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/linux/stuff/linux-CVE-2013-2929.u	Thu Dec 19 11:33:46 2013 +0000
     1.3 @@ -0,0 +1,47 @@
     1.4 +https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=4004afd5f51ad0a86be405522b1ecf28ba66f4e5
     1.5 +--- linux-3.2.53/arch/ia64/include/asm/processor.h
     1.6 ++++ linux-3.2.53/arch/ia64/include/asm/processor.h
     1.7 +@@ -320,7 +320,7 @@
     1.8 + 	regs->loadrs = 0;									\
     1.9 + 	regs->r8 = get_dumpable(current->mm);	/* set "don't zap registers" flag */		\
    1.10 + 	regs->r12 = new_sp - 16;	/* allocate 16 byte scratch area */			\
    1.11 +-	if (unlikely(!get_dumpable(current->mm))) {							\
    1.12 ++	if (unlikely(get_dumpable(current->mm) != SUID_DUMP_USER)) {							\
    1.13 + 		/*										\
    1.14 + 		 * Zap scratch regs to avoid leaking bits between processes with different	\
    1.15 + 		 * uid/privileges.								\
    1.16 +--- linux-3.2.53/include/linux/binfmts.h
    1.17 ++++ linux-3.2.53/include/linux/binfmts.h
    1.18 +@@ -112,9 +112,6 @@
    1.19 + extern void would_dump(struct linux_binprm *, struct file *);
    1.20 + 
    1.21 + extern int suid_dumpable;
    1.22 +-#define SUID_DUMP_DISABLE	0	/* No setuid dumping */
    1.23 +-#define SUID_DUMP_USER		1	/* Dump as user of process */
    1.24 +-#define SUID_DUMP_ROOT		2	/* Dump as root */
    1.25 + 
    1.26 + /* Stack area protections */
    1.27 + #define EXSTACK_DEFAULT   0	/* Whatever the arch defaults to */
    1.28 +--- linux-3.2.53/include/linux/sched.h
    1.29 ++++ linux-3.2.53/include/linux/sched.h
    1.30 +@@ -402,6 +402,9 @@
    1.31 + 
    1.32 + extern void set_dumpable(struct mm_struct *mm, int value);
    1.33 + extern int get_dumpable(struct mm_struct *mm);
    1.34 ++#define SUID_DUMP_DISABLE	0	/* No setuid dumping */
    1.35 ++#define SUID_DUMP_USER		1	/* Dump as user of process */
    1.36 ++#define SUID_DUMP_ROOT		2	/* Dump as root */
    1.37 + 
    1.38 + /* mm flags */
    1.39 + /* dumpable bits */
    1.40 +--- linux-3.2.53/kernel/ptrace.c
    1.41 ++++ linux-3.2.53/kernel/ptrace.c
    1.42 +@@ -246,7 +246,7 @@
    1.43 + 	smp_rmb();
    1.44 + 	if (task->mm)
    1.45 + 		dumpable = get_dumpable(task->mm);
    1.46 +-	if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE))
    1.47 ++	if (dumpable != SUID_DUMP_USER && !task_ns_capable(task, CAP_SYS_PTRACE))
    1.48 + 		return -EPERM;
    1.49 + 
    1.50 + 	return security_ptrace_access_check(task, mode);