Make taskstats require root access (CVE-2011-2494)

We want this fix everywhere, not just in rt!

svn path=/dists/sid/linux-2.6/; revision=18151

debian/changelog

@@ -55,6 +55,7 @@ linux-2.6 (3.0.0-5) UNRELEASED; urgency=low
     For the complete list of changes, see:
      http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.5
      http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.6
+  * Make taskstats require root access (CVE-2011-2494)
 
   [ Uwe Kleine-König ]
   * [amd64] Update rt featureset to 3.0.6-rt16 (Closes: #643301)

debian/patches/bugfix/all/Make-TASKSTATS-require-root-access.patch

@@ -0,0 +1,37 @@
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 19 Sep 2011 17:04:37 -0700
+Subject: [PATCH] Make TASKSTATS require root access
+
+commit 1a51410abe7d0ee4b1d112780f46df87d3621043 upstream.
+
+Ok, this isn't optimal, since it means that 'iotop' needs admin
+capabilities, and we may have to work on this some more.  But at the
+same time it is very much not acceptable to let anybody just read
+anybody elses IO statistics quite at this level.
+
+Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
+to checking the capabilities by hand.
+
+Reported-by: Vasiliy Kulikov <segoon@openwall.com>
+Cc: Johannes Berg <johannes.berg@intel.com>
+Acked-by: Balbir Singh <bsingharora@gmail.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ kernel/taskstats.c |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/kernel/taskstats.c b/kernel/taskstats.c
+index e19ce14..e660464 100644
+--- a/kernel/taskstats.c
++++ b/kernel/taskstats.c
+@@ -655,6 +655,7 @@ static struct genl_ops taskstats_ops = {
+ 	.cmd		= TASKSTATS_CMD_GET,
+ 	.doit		= taskstats_user_cmd,
+ 	.policy		= taskstats_cmd_get_policy,
++	.flags		= GENL_ADMIN_PERM,
+ };
+ 
+ static struct genl_ops cgroupstats_ops = {
+-- 
+1.7.6.3
+

debian/patches/features/all/rt/patch-3.0.6-rt16.patch

@@ -1,3 +1,6 @@
+[bwh: Dropped fix to kernel/taskstats.c applied separately in
+ bugfix/all/Make-TASKSTATS-require-root-access.patch]
+
 Index: linux-2.6/mm/memory.c
 ===================================================================
 --- linux-2.6.orig/mm/memory.c
@@ -1228,18 +1231,6 @@ Index: linux-2.6/arch/x86/kernel/irq.c
  	inc_irq_stat(x86_platform_ipis);
  
  	if (x86_platform_ipi_callback)
-Index: linux-2.6/kernel/taskstats.c
-===================================================================
---- linux-2.6.orig/kernel/taskstats.c
-+++ linux-2.6/kernel/taskstats.c
-@@ -657,6 +657,7 @@ static struct genl_ops taskstats_ops = {
- 	.cmd		= TASKSTATS_CMD_GET,
- 	.doit		= taskstats_user_cmd,
- 	.policy		= taskstats_cmd_get_policy,
-+	.flags		= GENL_ADMIN_PERM,
- };
- 
- static struct genl_ops cgroupstats_ops = {
 Index: linux-2.6/kernel/trace/ftrace.c
 ===================================================================
 --- linux-2.6.orig/kernel/trace/ftrace.c

debian/patches/series/5

@@ -7,3 +7,5 @@
 - bugfix/all/netfilter-TCP-and-raw-fix-for-ip_route_me_harder.patch
 + bugfix/all/stable/3.0.5.patch
 + bugfix/all/stable/3.0.6.patch
+
++ bugfix/all/Make-TASKSTATS-require-root-access.patch