Added a patch for the /proc/cmdline leak vulnerability; bug #59905.

author: Tim Yamin <plasmaroo@gentoo.org> 2004-08-09 22:45:11 +0000
committer: Tim Yamin <plasmaroo@gentoo.org> 2004-08-09 22:45:11 +0000
commit: 3079310236f32e99cf7a82cd388a9bd7f60d30e3 (patch)
tree: 7b62d9c6731304609a370b85bcd1594be955fa7e /sys-kernel
parent: Removing hostap package finally. hostap-driver supercedes it. (diff)
download: historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.tar.gz
historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.tar.bz2
historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.zip
6 files changed, 51 insertions, 7 deletions
diff --git a/sys-kernel/aa-sources/ChangeLog b/sys-kernel/aa-sources/ChangeLog
index 297816f9382d..ef63991f080f 100644
--- a/sys-kernel/aa-sources/ChangeLog
+++ b/sys-kernel/aa-sources/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for sys-kernel/aa-sources
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/ChangeLog,v 1.49 2004/08/08 15:43:53 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/ChangeLog,v 1.50 2004/08/09 22:45:11 plasmaroo Exp $
+
+  09 Aug 2004; <plasmaroo@gentoo.org> aa-sources-2.4.23-r2.ebuild,
+  aa-sources-2.6.5-r5.ebuild, +files/aa-sources-2.4.23.cmdlineLeak.patch,
+  +files/aa-sources-2.6.5.cmdlineLeak.patch:
+  Added a patch for the /proc/cmdline leak vulnerability; bug #59905.
 
   08 Aug 2004; <plasmaroo@gentoo.org> aa-sources-2.4.23-r2.ebuild,
   +files/aa-sources-2.4.23.CAN-2004-0685.patch:
diff --git a/sys-kernel/aa-sources/Manifest b/sys-kernel/aa-sources/Manifest
index b8883a604e2d..6d838828770b 100644
--- a/sys-kernel/aa-sources/Manifest
+++ b/sys-kernel/aa-sources/Manifest
@@ -1,13 +1,14 @@
-MD5 42aee3b292ee2fa07d99d81271615f61 ChangeLog 8104
+MD5 1ee344382cf5a838616a57d6387d761c ChangeLog 8361
 MD5 399eb7607b8f1f3f597e93566b1bda7c metadata.xml 453
-MD5 97b045915bcc72a8fb0b16dc00b99073 aa-sources-2.6.5-r5.ebuild 1196
-MD5 4712f72b9facb54e790d307cd8cab1bd aa-sources-2.4.23-r2.ebuild 3970
+MD5 2db2b7ccb1ed17b5c0095f3d38ab8f75 aa-sources-2.6.5-r5.ebuild 1232
+MD5 bc631b940195181e5d3217d8874edd49 aa-sources-2.4.23-r2.ebuild 4063
 MD5 60d25ff310fc6abfdce39ec9e47345af files/aa-sources-2.4.23.CAN-2004-0685.patch 2809
 MD5 eaeda68a619caaddd5b8fdc5e7c39932 files/aa-sources-2.4.23.CAN-2004-0177.patch 384
 MD5 c9da1bc82b906f6abc648c056e7bf662 files/aa-sources-2.4.23.FPULockup-53804.patch 354
 MD5 de75cfa969ed092578d9ddda6c5be334 files/aa-sources-2.4.23.CAN-2004-0181.patch 1233
 MD5 f73a63eb74340aedfd3d818f22aed72c files/digest-aa-sources-2.4.23-r2 207
 MD5 39361f8d16b1fe5891aab62e92f8cd30 files/aa-sources-2.6.5.IPTables-RDoS.patch 390
+MD5 d1ccc2047be533c992f67270a150a210 files/aa-sources-2.4.23.cmdlineLeak.patch 388
 MD5 6f4bba5dda7a99d77b1564f5489fef6e files/aa-sources-2.6.5.CAN-2004-0075.patch 1129
 MD5 e2e2b545b6fcdcecf49e33798efa5b84 files/aa-sources-2.4.23.rtc_fix.patch 7073
 MD5 e77a93fdf26f06cf3ea5080b27211725 files/aa-sources-2.4.23.CAN-2003-0985.patch 414
@@ -19,6 +20,7 @@ MD5 147fec50180ad91b6260fc7201dcb90f files/aa-sources-2.4.23.CAN-2004-0010.patch
 MD5 0f66013f643c79c97fda489618a4e2fd files/aa-sources-2.4.23.CAN-2004-0535.patch 476
 MD5 a92712e41465c49670ef7a54c2d16040 files/aa-sources-2.6.5.CAN-2004-0229.patch 471
 MD5 95708646470a95668e8789cd415844ed files/aa-sources.CAN-2004-0497.patch 846
+MD5 222e890035f4ad3152f0c2a625a9ea67 files/aa-sources-2.6.5.cmdlineLeak.patch 693
 MD5 b738cb0120a32aa92cfcfdbd564dd21f files/aa-sources-2.6.5.ProcPerms.patch 1368
 MD5 174438d215b70cad5ffb00ca8123c062 files/aa-sources-2.4.23.munmap.patch 837
 MD5 d4a740ae56c2049247083af387a22a85 files/aa-sources-2.4.23.CAN-2004-0394.patch 350
diff --git a/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild b/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild
index 606277fedbaf..d7f1fd89d034 100644
--- a/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild
+++ b/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild,v 1.14 2004/08/08 15:14:54 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.4.23-r2.ebuild,v 1.15 2004/08/09 22:45:11 plasmaroo Exp $
 
 IUSE=""
 
@@ -78,6 +78,7 @@ src_unpack() {
 	epatch ${FILESDIR}/${P}.CAN-2004-0685.patch || die "Failed to add the CAN-2004-0535 patch!"
 	epatch ${FILESDIR}/${P}.rtc_fix.patch || die "Failed to apply RTC patch!"
 	epatch ${FILESDIR}/${P}.FPULockup-53804.patch || die "Failed to apply FPU-lockup patch!"
+	epatch ${FILESDIR}/${P}.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!"
 	# The munmap() patch is already in aa2...
 
 	kernel_universal_unpack
diff --git a/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild b/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild
index e9d27fe2486a..a6b5ca31043c 100644
--- a/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild
+++ b/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild,v 1.11 2004/08/05 01:12:15 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/aa-sources/aa-sources-2.6.5-r5.ebuild,v 1.12 2004/08/09 22:45:11 plasmaroo Exp $
 
 ETYPE="sources"
 K_NOUSENAME="yes"
@@ -21,7 +21,8 @@ UNIPATCH_LIST="
 	${FILESDIR}/${P}.IPTables-RDoS.patch
 	${FILESDIR}/${P}.ProcPerms.patch
 	${FILESDIR}/${P}.CAN-2004-0596.patch
-	${FILESDIR}/${P}.CAN-2004-0495-0496.patch"
+	${FILESDIR}/${P}.CAN-2004-0495-0496.patch
+	${FILESDIR}/${P}.cmdlineLeak.patch"
 
 K_PREPATCHED="yes"
 UNIPATCH_STRICTORDER="yes"
diff --git a/sys-kernel/aa-sources/files/aa-sources-2.4.23.cmdlineLeak.patch b/sys-kernel/aa-sources/files/aa-sources-2.4.23.cmdlineLeak.patch
new file mode 100644
index 000000000000..5f26f7f388f6
--- /dev/null
+++ b/sys-kernel/aa-sources/files/aa-sources-2.4.23.cmdlineLeak.patch
@@ -0,0 +1,11 @@
+--- linux-2.4/fs/proc/base.c	2004-04-15 07:09:32.000000000 +0100
++++ linux-2.4/fs/proc/base.c.plasmaroo	2004-08-09 23:30:43.869195800 +0100
+@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_
+ 	if (mm)
+ 		atomic_inc(&mm->mm_users);
+ 	task_unlock(task);
+-	if (mm) {
++	if (mm && mm->arg_end) {
+ 		int len = mm->arg_end - mm->arg_start;
+ 		if (len > PAGE_SIZE)
+ 			len = PAGE_SIZE;
diff --git a/sys-kernel/aa-sources/files/aa-sources-2.6.5.cmdlineLeak.patch b/sys-kernel/aa-sources/files/aa-sources-2.6.5.cmdlineLeak.patch
new file mode 100644
index 000000000000..bb80884c394e
--- /dev/null
+++ b/sys-kernel/aa-sources/files/aa-sources-2.6.5.cmdlineLeak.patch
@@ -0,0 +1,24 @@
+
+From: Roger Luethi <rl@hellgate.ch>
+
+If you win the race with a starting process, you can read its environment.
+
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+---
+
+ 25-akpm/fs/proc/base.c |    2 ++
+ 1 files changed, 2 insertions(+)
+
+diff -puN fs/proc/base.c~proc_pid_cmdline-race-fix fs/proc/base.c
+--- 25/fs/proc/base.c~proc_pid_cmdline-race-fix	2004-08-05 11:28:21.915442360 -0700
++++ 25-akpm/fs/proc/base.c	2004-08-05 11:28:21.919441752 -0700
+@@ -340,6 +340,8 @@ static int proc_pid_cmdline(struct task_
+ 	struct mm_struct *mm = get_task_mm(task);
+ 	if (!mm)
+ 		goto out;
++	if (!mm->arg_end)
++		goto out;	/* Shh! No looking before we're done */
+ 
+  	len = mm->arg_end - mm->arg_start;
+  
+_
author	Tim Yamin <plasmaroo@gentoo.org>	2004-08-09 22:45:11 +0000
committer	Tim Yamin <plasmaroo@gentoo.org>	2004-08-09 22:45:11 +0000
commit	3079310236f32e99cf7a82cd388a9bd7f60d30e3 (patch)
tree	7b62d9c6731304609a370b85bcd1594be955fa7e /sys-kernel
parent	Removing hostap package finally. hostap-driver supercedes it. (diff)
download	historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.tar.gz historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.tar.bz2 historical-3079310236f32e99cf7a82cd388a9bd7f60d30e3.zip