CVE-2012-2123 fcaps: clear the same personality flags as suid when fcaps are used (rhbz 814523 806722)
This commit is contained in:
Josh Boyer
parent
92b55943d6
commit
7439674e98
|
|
@ -0,0 +1,38 @@
|
|||
From d52fc5dde171f030170a6cb78034d166b13c9445 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Paris <eparis@redhat.com>
|
||||
Date: Tue, 17 Apr 2012 16:26:54 -0400
|
||||
Subject: [PATCH] fcaps: clear the same personality flags as suid when fcaps
|
||||
are used
|
||||
|
||||
If a process increases permissions using fcaps all of the dangerous
|
||||
personality flags which are cleared for suid apps should also be cleared.
|
||||
Thus programs given priviledge with fcaps will continue to have address space
|
||||
randomization enabled even if the parent tried to disable it to make it
|
||||
easier to attack.
|
||||
|
||||
Signed-off-by: Eric Paris <eparis@redhat.com>
|
||||
Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>
|
||||
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
||||
---
|
||||
security/commoncap.c | 5 +++++
|
||||
1 files changed, 5 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/security/commoncap.c b/security/commoncap.c
|
||||
index 0cf4b53..0ecf4ba 100644
|
||||
--- a/security/commoncap.c
|
||||
+++ b/security/commoncap.c
|
||||
@@ -505,6 +505,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
|
||||
}
|
||||
skip:
|
||||
|
||||
+ /* if we have fs caps, clear dangerous personality flags */
|
||||
+ if (!cap_issubset(new->cap_permitted, old->cap_permitted))
|
||||
+ bprm->per_clear |= PER_CLEAR_ON_SETID;
|
||||
+
|
||||
+
|
||||
/* Don't let someone trace a set[ug]id/setpcap binary with the revised
|
||||
* credentials unless they have the appropriate permit
|
||||
*/
|
||||
--
|
||||
1.7.7.6
|
||||
|
||||
14
kernel.spec
14
kernel.spec
|
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 4
|
||||
%global baserelease 5
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
|
@ -810,6 +810,10 @@ Patch22006: KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
|
|||
#rhbz 814278 814289 CVE-2012-2119
|
||||
Patch22007: macvtap-zerocopy-validate-vector-length.patch
|
||||
|
||||
#rhbz 814523 806722 CVE-2012-2123
|
||||
Patch22008: fcaps-clear-the-same-personality-flags-as-suid-when-.patch
|
||||
Patch22009: security-fix-compile-error-in-commoncap.c.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -1511,6 +1515,10 @@ ApplyPatch KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
|
|||
#rhbz 814278 814289 CVE-2012-2119
|
||||
ApplyPatch macvtap-zerocopy-validate-vector-length.patch
|
||||
|
||||
#rhbz 814523 806722 CVE-2012-2123
|
||||
ApplyPatch fcaps-clear-the-same-personality-flags-as-suid-when-.patch
|
||||
ApplyPatch security-fix-compile-error-in-commoncap.c.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2249,6 +2257,10 @@ fi
|
|||
# and build.
|
||||
|
||||
%changelog
|
||||
* Fri Apr 20 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- CVE-2012-2123 fcaps: clear the same personality flags as suid when fcaps
|
||||
are used (rhbz 814523 806722)
|
||||
|
||||
* Thu Apr 19 2012 Justin M. Forbes <jforbes@redhat.com> - 3.3.2-4
|
||||
- CVE-2012-2119 macvtap: zerocopy: vector length is not validated before
|
||||
pinning user pages (rhbz 814278 814289)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
From 51b79bee627d526199b2f6a6bef8ee0c0739b6d1 Mon Sep 17 00:00:00 2001
|
||||
From: Jonghwan Choi <jhbird.choi@samsung.com>
|
||||
Date: Wed, 18 Apr 2012 17:23:04 -0400
|
||||
Subject: [PATCH] security: fix compile error in commoncap.c
|
||||
|
||||
Add missing "personality.h"
|
||||
security/commoncap.c: In function 'cap_bprm_set_creds':
|
||||
security/commoncap.c:510: error: 'PER_CLEAR_ON_SETID' undeclared (first use in this function)
|
||||
security/commoncap.c:510: error: (Each undeclared identifier is reported only once
|
||||
security/commoncap.c:510: error: for each function it appears in.)
|
||||
|
||||
Signed-off-by: Jonghwan Choi <jhbird.choi@samsung.com>
|
||||
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
|
||||
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
||||
---
|
||||
security/commoncap.c | 1 +
|
||||
1 files changed, 1 insertions(+), 0 deletions(-)
|
||||
|
||||
--- linux-3.3.2-6.fc17.noarch.orig/security/commoncap.c
|
||||
+++ linux-3.3.2-6.fc17.noarch/security/commoncap.c
|
||||
@@ -28,6 +28,7 @@
|
||||
#include <linux/prctl.h>
|
||||
#include <linux/securebits.h>
|
||||
#include <linux/user_namespace.h>
|
||||
+#include <linux/personality.h>
|
||||
|
||||
/*
|
||||
* If a non-root user executes a setuid-root binary in
|
||||
Loading…
Reference in New Issue