
Re: Some new 2.4.27 security patches



On Thu, Oct 13, 2005 at 02:59:30PM -0400, micah wrote:
> 
> Horms,
> 
> I noticed that this patch is not applied to the 2.4.27 sarge1 update:
> http://linux.bkbits.net:8080/linux-2.4/gnupatch@4158ea9dNdJsmLc2hgzAr6b-geXXvQ
> 
> The description reads: [XFS] Add nosymlinks inode flag for the security
> folks, reserve projinherit flag.
> 
> I don't know what the security issue is here, but it seems like it is
> security...
> 
> That patch doesn't apply straight to the debian source, it seems as if
> there are some pre-requisite patches, I was able to find at least these
> two that were needed:
> http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/xfs_dinode.h@1.18?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|cset@1.1448.45.6|hist/fs/xfs/xfs_dinode.h
> http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/xfs_fs.h@1.18?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|cset@1.1448.45.6|hist/fs/xfs/xfs_fs.h
> 
> This solves the failure to apply to xfs_dinode.h, but there are other
> failures that are most likely due to other patches needing to be applied
> first. I don't know if the other patches in that history need to be
> brought up to the latest as well. I'm afraid I have reached my limits of
> understanding of how to bring this forwards.

I do not believe this is a security patch. I believe that 
it is the addition of a new security-related feature.
It is also rather a lot of patch. So I am rejecting its
inclusion in Debian's 2.4 at this stage.
 
> 
> Also this patch:
> http://linux.bkbits.net:8080/linux-2.4/diffs/fs/xfs/xfs_inode.c@1.131?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_dinode.h|cset@1.1448.45.6|hist/fs/xfs/xfs_inode.c
> ([XFS] Handle inode creation race) should also be applied since it
> appears to be a security issue.

Fixed in 2.4.29-pre1
Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.45.21?nav=index.html|src/|src/fs|src/fs/xfs|related/fs/xfs/xfs_inode.c
ChangeLog: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.29

I'll get this into SVN for 2.4.27.
It does not seem to relate to 2.6 at all.

> I am having trouble locating CAN numbers for these, does anyone know if
> there are any?

I don't think there are any. Perhaps we should file for the 2nd one.
I notice that hlh was involved in that patch, perhaps
he can provide a slightly longer description.

-- 
Horms
