Make taskstats require root access (CVE-2011-2494)
We want this fix everywhere, not just in rt! svn path=/dists/sid/linux-2.6/; revision=18151
This commit is contained in:
parent
d0a01a6a66
commit
0e076e3520
|
@ -55,6 +55,7 @@ linux-2.6 (3.0.0-5) UNRELEASED; urgency=low
|
|||
For the complete list of changes, see:
|
||||
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.5
|
||||
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.6
|
||||
* Make taskstats require root access (CVE-2011-2494)
|
||||
|
||||
[ Uwe Kleine-König ]
|
||||
* [amd64] Update rt featureset to 3.0.6-rt16 (Closes: #643301)
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Mon, 19 Sep 2011 17:04:37 -0700
|
||||
Subject: [PATCH] Make TASKSTATS require root access
|
||||
|
||||
commit 1a51410abe7d0ee4b1d112780f46df87d3621043 upstream.
|
||||
|
||||
Ok, this isn't optimal, since it means that 'iotop' needs admin
|
||||
capabilities, and we may have to work on this some more. But at the
|
||||
same time it is very much not acceptable to let anybody just read
|
||||
anybody elses IO statistics quite at this level.
|
||||
|
||||
Use of the GENL_ADMIN_PERM suggested by Johannes Berg as an alternative
|
||||
to checking the capabilities by hand.
|
||||
|
||||
Reported-by: Vasiliy Kulikov <segoon@openwall.com>
|
||||
Cc: Johannes Berg <johannes.berg@intel.com>
|
||||
Acked-by: Balbir Singh <bsingharora@gmail.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
kernel/taskstats.c | 1 +
|
||||
1 files changed, 1 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/kernel/taskstats.c b/kernel/taskstats.c
|
||||
index e19ce14..e660464 100644
|
||||
--- a/kernel/taskstats.c
|
||||
+++ b/kernel/taskstats.c
|
||||
@@ -655,6 +655,7 @@ static struct genl_ops taskstats_ops = {
|
||||
.cmd = TASKSTATS_CMD_GET,
|
||||
.doit = taskstats_user_cmd,
|
||||
.policy = taskstats_cmd_get_policy,
|
||||
+ .flags = GENL_ADMIN_PERM,
|
||||
};
|
||||
|
||||
static struct genl_ops cgroupstats_ops = {
|
||||
--
|
||||
1.7.6.3
|
||||
|
|
@ -1,3 +1,6 @@
|
|||
[bwh: Dropped fix to kernel/taskstats.c applied separately in
|
||||
bugfix/all/Make-TASKSTATS-require-root-access.patch]
|
||||
|
||||
Index: linux-2.6/mm/memory.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/mm/memory.c
|
||||
|
@ -1228,18 +1231,6 @@ Index: linux-2.6/arch/x86/kernel/irq.c
|
|||
inc_irq_stat(x86_platform_ipis);
|
||||
|
||||
if (x86_platform_ipi_callback)
|
||||
Index: linux-2.6/kernel/taskstats.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/kernel/taskstats.c
|
||||
+++ linux-2.6/kernel/taskstats.c
|
||||
@@ -657,6 +657,7 @@ static struct genl_ops taskstats_ops = {
|
||||
.cmd = TASKSTATS_CMD_GET,
|
||||
.doit = taskstats_user_cmd,
|
||||
.policy = taskstats_cmd_get_policy,
|
||||
+ .flags = GENL_ADMIN_PERM,
|
||||
};
|
||||
|
||||
static struct genl_ops cgroupstats_ops = {
|
||||
Index: linux-2.6/kernel/trace/ftrace.c
|
||||
===================================================================
|
||||
--- linux-2.6.orig/kernel/trace/ftrace.c
|
||||
|
|
|
@ -7,3 +7,5 @@
|
|||
- bugfix/all/netfilter-TCP-and-raw-fix-for-ip_route_me_harder.patch
|
||||
+ bugfix/all/stable/3.0.5.patch
|
||||
+ bugfix/all/stable/3.0.6.patch
|
||||
|
||||
+ bugfix/all/Make-TASKSTATS-require-root-access.patch
|
||||
|
|
Loading…
Reference in New Issue