From dc80aabc7e4434c23b3c801d95cb9be816d814cc Mon Sep 17 00:00:00 2001
From: Christian Birchinger
Date: Fri, 12 Nov 2004 22:20:22 +0000
Subject: Added a security fix for the Linux kernel binfmt_elf loader vulnerabilities
---
sys-kernel/sparc-sources/ChangeLog | 9 ++-
.../files/digest-sparc-sources-2.4.27-r3 | 2 +
.../files/gentoo-sources-2.4.27-binfmt_elf.patch | 84 ++++++++++++++++++++++
.../sparc-sources/sparc-sources-2.4.27-r3.ebuild | 69 ++++++++++++++++++
4 files changed, 163 insertions(+), 1 deletion(-)
create mode 100644 sys-kernel/sparc-sources/files/digest-sparc-sources-2.4.27-r3
create mode 100644 sys-kernel/sparc-sources/files/gentoo-sources-2.4.27-binfmt_elf.patch
create mode 100644 sys-kernel/sparc-sources/sparc-sources-2.4.27-r3.ebuild
(limited to 'sys-kernel/sparc-sources')
diff --git a/sys-kernel/sparc-sources/ChangeLog b/sys-kernel/sparc-sources/ChangeLog
index b4219069bf40..af30e540ba8a 100644
--- a/sys-kernel/sparc-sources/ChangeLog
+++ b/sys-kernel/sparc-sources/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-kernel/sparc-sources # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/sparc-sources/ChangeLog,v 1.65 2004/11/10 16:49:32 joker Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/sparc-sources/ChangeLog,v 1.66 2004/11/12 22:20:22 joker Exp $ + +*sparc-sources-2.4.27-r3 (12 Nov 2004) + + 12 Nov 2004; Christian Birchinger + +files/gentoo-sources-2.4.27-binfmt_elf.patch, + +sparc-sources-2.4.27-r3.ebuild: + Added a security fix for the Linux kernel binfmt_elf loader vulnerabilities *sparc-sources-2.4.27-r2 (10 Nov 2004)
diff --git a/sys-kernel/sparc-sources/files/digest-sparc-sources-2.4.27-r3 b/sys-kernel/sparc-sources/files/digest-sparc-sources-2.4.27-r3
new file mode 100644
index 000000000000..662b3b82757a
--- /dev/null
+++ b/sys-kernel/sparc-sources/files/digest-sparc-sources-2.4.27-r3
@@ -0,0 +1,2 @@
+MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453
+MD5 4aa6453113601fbd6d134dad8aef21e7 patches-2.4.27-sparc-r2.tar.bz2 181499
diff --git a/sys-kernel/sparc-sources/files/gentoo-sources-2.4.27-binfmt_elf.patch b/sys-kernel/sparc-sources/files/gentoo-sources-2.4.27-binfmt_elf.patch
new file mode 100644
index 000000000000..bce026adf312
--- /dev/null
+++ b/sys-kernel/sparc-sources/files/gentoo-sources-2.4.27-binfmt_elf.patch
@@ -0,0 +1,84 @@
+diff -ur linux-2.4.27-gentoo-r2/fs/binfmt_elf.c linux-2.4.27-gentoo-r3/fs/binfmt_elf.c
+--- linux-2.4.27-gentoo-r2/fs/binfmt_elf.c 2004-11-10 20:43:18.000000000 +0000
++++ linux-2.4.27-gentoo-r3/fs/binfmt_elf.c 2004-11-10 20:33:40.000000000 +0000
+@@ -308,9 +308,12 @@
+ goto out;
+
+ retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
+- error = retval;
+- if (retval < 0)
++ error = -EIO;
++ if (retval != size) {
++ if (retval < 0)
++ error = retval;
+ goto out_close;
++ }
+
+ eppnt = elf_phdata;
+ for (i=0; ie_phnum; i++, eppnt++) {
+@@ -686,8 +689,11 @@
+ goto out;
+
+ retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
+- if (retval < 0)
++ if (retval != size) {
++ if (retval >= 0)
++ retval = -EIO;
+ goto out_free_ph;
++ }
+
+ files = current->files; /* Refcounted so ok */
+ retval = unshare_files();
+@@ -734,8 +740,14 @@
+ retval = kernel_read(bprm->file, elf_ppnt->p_offset,
+ elf_interpreter,
+ elf_ppnt->p_filesz);
+- if (retval < 0)
++ if (retval != elf_ppnt->p_filesz) {
++ if (retval >= 0)
++ retval = -EIO;
+ goto out_free_interp;
++ }
++ /* make sure path is NULL terminated */
++ elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
++
+ /* If the program interpreter is one of these two,
+ * then assume an iBCS2 image. Otherwise assume
+ * a native linux image.
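Review bot: In the `@@ -734` hunk, `elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';` overwrites the last byte of the PT_INTERP string instead of rejecting a path that is not terminated, and nothing visible in the hunk guarantees that `p_filesz` is at least 1. With `p_filesz == 0` the index wraps and the store falls outside the buffer; any lower-bound check would have to sit before the `kernel_read()` call, which is above the hunk, so this needs confirming there. I would refuse the image rather than patch the buffer: `if (elf_ppnt->p_filesz < 2 || elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') { retval = -ENOEXEC; goto out_free_interp; }`. The comment would then read `/* interpreter path must be NUL-terminated */`, since NULL is the pointer constant and not the terminator byte.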
+@@ -754,8 +766,11 @@
+ if (IS_ERR(interpreter))
+ goto out_free_interp;
+ retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
+- if (retval < 0)
++ if (retval != BINPRM_BUF_SIZE) {
++ if (retval >= 0)
++ retval = -EIO;
+ goto out_free_dentry;
++ }
+
+ /* Get the exec headers */
+ interp_ex = *((struct exec *) bprm->buf);
+@@ -967,7 +982,10 @@
+ #endif
+
+ if (BAD_ADDR(error))
+- continue;
++ {
++ send_sig(SIGKILL, current, 0);
++ goto out_free_dentry;
++ }
+
+ /* PaX: mirror at a randomized base */
+ down_write(¤t->mm->mmap_sem);
+@@ -1008,7 +1026,10 @@
+ {
+ error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
+ if (BAD_ADDR(error))
+- continue;
++ {
++ send_sig(SIGKILL, current, 0);
++ goto out_free_dentry;
++ }
+ }
+
+ if (!load_addr_set) {
diff --git a/sys-kernel/sparc-sources/sparc-sources-2.4.27-r3.ebuild b/sys-kernel/sparc-sources/sparc-sources-2.4.27-r3.ebuild
new file mode 100644
index 000000000000..efd7f6480272
--- /dev/null
+++ b/sys-kernel/sparc-sources/sparc-sources-2.4.27-r3.ebuild
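Review bot: In the `@@ -967` hunk of binfmt_elf.patch (and again in `@@ -1008`), the new failure branch jumps to `out_free_dentry` without assigning `retval`, so the value returned after the SIGKILL is whatever an earlier call left there, possibly 0 as far as these lines show. Setting it before the jump, for example `retval = -EINVAL;` ahead of `send_sig(SIGKILL, current, 0);`, would report the failed mapping to the caller as well as to the task; the right errno depends on what `elf_map()` returns, which is outside the hunk. A short comment such as `/* cannot fall back to the old image here, so kill the task */` would explain why the segment is no longer skipped, assuming that is the reason, since the surrounding function is not visible. The brace on its own line after `if (BAD_ADDR(error))` also differs from the `if (...) {` form used by the other hunks of this patch.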
@@ -0,0 +1,69 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/sparc-sources/sparc-sources-2.4.27-r3.ebuild,v 1.1 2004/11/12 22:20:22 joker Exp $
+
+IUSE="ultra1"
+
+# Kernel ebuilds using the kernel.eclass can remove any patch that you
+# do not want to apply by simply setting the KERNEL_EXCLUDE shell
+# variable to the string you want to exclude (for instance
+# KERNEL_EXCLUDE="grsecurity" would not patch any patches whose names match
+# *grsecurity*). Kernels are only tested in the default configuration, but
+# this may be useful if you know that a particular patch is causing a
+# conflict with a patch you personally want to apply, or some other
+# similar situation.
+
+ETYPE="sources"
+inherit kernel eutils
+
+# OKV=original kernel version, KV=patched kernel version. They can be the same.
+[ "$OKV" == "" ] && OKV="${PV}"
+
+EXTRAVERSION="-${PN/-*/}"
+[ ! "${PR}" == "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}"
+KV="${OKV}${EXTRAVERSION}"
+
+PATCH_VERSION="2.4.27-sparc-r2"
+
+# Documentation on the patches contained in this kernel will be installed
+# to /usr/share/doc/sparc-sources-${PV}/patches.txt.gz
+
+DESCRIPTION="Full sources for the Gentoo Sparc Linux kernel"
+SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+ mirror://gentoo/patches-${PATCH_VERSION}.tar.bz2"
+
+S=${WORKDIR}/linux-${KV}
+KEYWORDS="~x86 -ppc sparc"
+SLOT="${KV}"
+
+src_unpack() {
+ unpack ${A}
+ mv linux-${OKV} linux-${KV} || die "Error moving kernel source tree to linux-${KV}"
+ cd ${PATCH_VERSION} || die "Unable to cd into ${PATCH_VERSION}"
+
+ kernel_src_unpack
+
+ # Fix a grsecurity problem on sparc32
+ [ "${PROFILE_ARCH}" = "sparc64" ] || epatch ${FILESDIR}/use-pte_alloc_one_fast-r1.patch
+
+ # Security fix Linux kernel binfmt_elf loader vulnerabilities
+ epatch ${FILESDIR}/gentoo-sources-2.4.27-binfmt_elf.patch
+
+ # Patch the HME driver only on
Ultra1 machines.
+ use ultra1 && epatch ${FILESDIR}/U1-hme-lockup.patch
+}
+
+pkg_postinst() {
+
+ kernel_pkg_postinst
+
+ # Display SUN Ultra 1 HME warning if it can be detected or if the machinetype is unknown.
+ if [ ! -r "/proc/openprom/name" -o "`cat /proc/openprom/name 2>/dev/null`" = "'SUNW,Ultra-1'" ]; then
+ einfo
+ einfo "For users with an Enterprise model Ultra 1 using the HME network interface,"
+ einfo "please emerge the kernel using the following command:"
+ einfo
+ einfo "USE=ultra1 emerge sparc-sources"
+ einfo
+ fi
+}
-- cgit v1.2.3-65-gdbad
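Review bot: The unconditional `epatch ${FILESDIR}/gentoo-sources-2.4.27-binfmt_elf.patch` in `src_unpack()` applies a patch whose `@@ -967` hunk uses PaX lines as context (`/* PaX: mirror at a randomized base */`), while the header comment of this same ebuild advertises `KERNEL_EXCLUDE="grsecurity"`. If that exclusion removes the PaX code from the tree, the hunk would presumably stop applying and the build would fail at the security fix; which patch in the sparc patchset supplies those lines cannot be confirmed from this page. A comment next to the call, such as `# context depends on the grsecurity/PaX patches applied by kernel_src_unpack`, would record the dependency. Quoting the variable, `epatch "${FILESDIR}"/gentoo-sources-2.4.27-binfmt_elf.patch`, is worth doing for all three epatch calls in the function.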