# HG changeset patch # User Pascal Bellard # Date 1387452826 0 # Node ID a5cec45811e484a0a83b1245bb5129b5e835d739 # Parent e012a20e6db4c9646b99d7b708778d29a18018d8 linux: add CVE-2013-2929 fix (again) diff -r e012a20e6db4 -r a5cec45811e4 linux/stuff/linux-CVE-2013-2929.u --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/linux/stuff/linux-CVE-2013-2929.u Thu Dec 19 11:33:46 2013 +0000 @@ -0,0 +1,47 @@ +https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=4004afd5f51ad0a86be405522b1ecf28ba66f4e5 +--- linux-3.2.53/arch/ia64/include/asm/processor.h ++++ linux-3.2.53/arch/ia64/include/asm/processor.h +@@ -320,7 +320,7 @@ + regs->loadrs = 0; \ + regs->r8 = get_dumpable(current->mm); /* set "don't zap registers" flag */ \ + regs->r12 = new_sp - 16; /* allocate 16 byte scratch area */ \ +- if (unlikely(!get_dumpable(current->mm))) { \ ++ if (unlikely(get_dumpable(current->mm) != SUID_DUMP_USER)) { \ + /* \ + * Zap scratch regs to avoid leaking bits between processes with different \ + * uid/privileges. \ +--- linux-3.2.53/include/linux/binfmts.h ++++ linux-3.2.53/include/linux/binfmts.h +@@ -112,9 +112,6 @@ + extern void would_dump(struct linux_binprm *, struct file *); + + extern int suid_dumpable; +-#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ +-#define SUID_DUMP_USER 1 /* Dump as user of process */ +-#define SUID_DUMP_ROOT 2 /* Dump as root */ + + /* Stack area protections */ + #define EXSTACK_DEFAULT 0 /* Whatever the arch defaults to */ +--- linux-3.2.53/include/linux/sched.h ++++ linux-3.2.53/include/linux/sched.h +@@ -402,6 +402,9 @@ + + extern void set_dumpable(struct mm_struct *mm, int value); + extern int get_dumpable(struct mm_struct *mm); ++#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ ++#define SUID_DUMP_USER 1 /* Dump as user of process */ ++#define SUID_DUMP_ROOT 2 /* Dump as root */ + + /* mm flags */ + /* dumpable bits */ +--- linux-3.2.53/kernel/ptrace.c ++++ linux-3.2.53/kernel/ptrace.c +@@ -246,7 +246,7 @@ + smp_rmb(); + if (task->mm) + dumpable = get_dumpable(task->mm); +- if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE)) ++ if (dumpable != SUID_DUMP_USER && !task_ns_capable(task, CAP_SYS_PTRACE)) + return -EPERM; + + return security_ptrace_access_check(task, mode);