
Re: Some new 2.4.27 security patches



On Thu, Oct 13, 2005 at 02:59:30PM -0400, micah wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Horms,
> 
> I noticed that this patch is not applied to the 2.4.27 sarge1 update:
> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4158ea9dNdJsmLc2hgzAr6b-geXXvQ
> 
> The description reads: [XFS] Add nosymlinks inode flag for the security
> folks, reserve projinherit flag.
> 
> I don't know what the security issue is here, but it seems like it is
> security...
> 
> That patch doesn't apply straight to the debian source, it seems as if
> there are some pre-requisite patches, I was able to find at least these
> two that were needed:
> http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/xfs_dinode.h@1.18?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|cset@1.1448.45.6|hist/fs/xfs/xfs_dinode.h
> http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/xfs_fs.h@1.18?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|cset@1.1448.45.6|hist/fs/xfs/xfs_fs.h
> 
> This solves the failure to apply to xfs_dinode.h, but there are other
> failures that are most likely due to other patches needing to be applied
> first. I don't know if the other patches in that history need to be
> brought up to the latest as well. I'm afraid I have reached my limits of
> understanding of how to bring this forwards.
> 
> Also this patch:
> http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/xfs_inode.c@1.131?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|cset@1.1448.45.6|hist/fs/xfs/xfs_inode.c
> ([XFS] Handle inode creation race) should also be applied since it
> appears to be a security issue.
> 
> I am having trouble locating CAN numbers for these, does anyone know if
> there are any?

Thanks, Micah.

I don't offhand remember seeing either of these problems.  I'll look
into adding them to 2.4.27, and see if I can fish out any CAN
information, but your guesses there are usually better than mine.

-- 
Horms


