[2.6.22.y] CVE2007-6206 fix

From: Oliver Pinter (Pintér Olivér)
Date: Sat Dec 22 2007 - 06:37:46 EST

Next message: Jean Delvare: "Re: [lm-sensors] 2.6.24-rc4 hwmon it87 probe fails"
Previous message: Jean Delvare: "Re: [PATCH] adt7470: Support per-sensor alarm files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--
Thanks,
Oliver
I backported this patch to 2.6.22.y tree.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206

---

original patch:

c46f739dd39db3b07ab5deb4e3ec81e1c04a91af in linux-2.6.git

Ingo Molnar [Wed, 28 Nov 2007 12:59:18 +0000 (13:59 +0100)]
fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043

only allow coredumping to the same uid that the coredumping
task runs under.

Signed-off-by: Oliver Pinter <oliver.pntr@xxxxxxxxx>

---
fs/exec.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index 3da429d..224e973 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1561,6 +1561,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
but keep the previous behaviour for now. */
if (!ispipe && !S_ISREG(inode->i_mode))
goto close_fail;
+ /*
+ * Dont allow local users get cute and trick others to coredump
+ * into their pre-created files:
+ */
+ if (inode->i_uid != current->fsuid)
+ goto close_fail;
if (!file->f_op)
goto close_fail;
if (!file->f_op->write)

Next message: Jean Delvare: "Re: [lm-sensors] 2.6.24-rc4 hwmon it87 probe fails"
Previous message: Jean Delvare: "Re: [PATCH] adt7470: Support per-sensor alarm files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]