Re: [Fwd: [Full-Disclosure] [grsec] grsecurity 2.1.0 release / 5 Linux kernel advisories]

To: Andres Salomon <dilinger@voxel.net>, debian-kernel@lists.debian.org
Cc: security@debian.org
Subject: Re: [Fwd: [Full-Disclosure] [grsec] grsecurity 2.1.0 release / 5 Linux kernel advisories]
From: Horms <horms@debian.org>
Date: Thu, 13 Jan 2005 15:36:36 +0900
Message-id: <[🔎] 20050113063634.GA3904@debian.org>
Mail-followup-to: Andres Salomon <dilinger@voxel.net>, debian-kernel@lists.debian.org, security@debian.org
In-reply-to: <[🔎] 20050113033148.GC380@verge.net.au>
References: <[🔎] 1105126339.12895.5.camel@localhost> <[🔎] 20050113033148.GC380@verge.net.au>

On Thu, Jan 13, 2005 at 12:31:50PM +0900, Horms wrote:
> On Fri, Jan 07, 2005 at 02:32:19PM -0500, Andres Salomon wrote:
> > Hey, and while we're at it.. more fun!
> > 
> > I had 2.6.10 all ready and everything.  damnit.  Oh well, I guess there
> > will be 2.6.8, 2.6.9, and 2.6.10 uploaded today.
> 
> I will look into this for 2.4.27 and report back.

I took a look and found that all these changes have already made it
upstream for 2.4 (except the scsi ioctly problem, which doesn't 
effect 2.4).

Accordingly, I will add the following patches to SVN, I am just
verifying that the build first.

-- 
Horms

# origin: marcelo (BitKeeper)
# cset: 1.1558 (2.4) key=41e2c4fetTJmVti-Xxql21xXjfbpag
# inclusion: upstream
# descrition: Brad Spengler: Fix random poolsize sysctl (from 2.6.10-ac)
# revision date: Thu, 13 Jan 2005 15:14:00 +0900
#
# S rset: ChangeSet|1.1557..1.1558
# I rset: drivers/char/random.c|1.20..1.21
#
# Key:
# S: Skipped  ChangeSet file only
# O: Original Followed by Updated
# U: Updated  Included with updated range of versions
# I: Included Included verbatim
# E: Excluded Excluded on request from user
# D: Deleted  Manually deleted by subsequent user edit
#
#
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2005/01/10 16:10:06-02:00 marcelo@logos.cnet 
#   Brad Spengler: Fix random poolsize sysctl (from 2.6.10-ac)
# 
# drivers/char/random.c
#   2005/01/10 16:07:55-02:00 marcelo@logos.cnet +1 -1
#   Brad Spengler: Fix random poolsize sysctl (from 2.6.10-ac)
# 
#
===== drivers/char/random.c 1.20 vs 1.21 =====
--- 1.20/drivers/char/random.c	2004-08-10 08:09:10 +09:00
+++ 1.21/drivers/char/random.c	2005-01-11 03:07:55 +09:00
@@ -1771,7 +1771,7 @@
 static int proc_do_poolsize(ctl_table *table, int write, struct file *filp,
 			    void *buffer, size_t *lenp)
 {
-	int	ret;
+	unsigned int	ret;
 
 	sysctl_poolsize = random_state->poolinfo.POOLBYTES;

# origin: marcelo (BitKeeper)
# cset: 1.1559 (2.4) key=41e2c5fb3htiRRycYu5I4skGWXcv5g
# inclusion: upstream
# descrition: Alan Cox: Fix moxa serial bound checking issue (from 2.6.10-ac)
# revision date: Thu, 13 Jan 2005 15:16:21 +0900
#
# S rset: ChangeSet|1.1558..1.1559
# I rset: drivers/char/moxa.c|1.8..1.9
#
# Key:
# S: Skipped  ChangeSet file only
# O: Original Followed by Updated
# U: Updated  Included with updated range of versions
# I: Included Included verbatim
# E: Excluded Excluded on request from user
# D: Deleted  Manually deleted by subsequent user edit
#
#
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2005/01/10 16:14:19-02:00 marcelo@logos.cnet 
#   Alan Cox: Fix moxa serial bound checking issue (from 2.6.10-ac)
# 
# drivers/char/moxa.c
#   2005/01/10 16:11:04-02:00 marcelo@logos.cnet +2 -0
#   Alan Cox: Fix moxa serial bound checking issue
# 
#
===== drivers/char/moxa.c 1.8 vs 1.9 =====
--- 1.8/drivers/char/moxa.c	2004-12-17 00:14:38 +09:00
+++ 1.9/drivers/char/moxa.c	2005-01-11 03:11:04 +09:00
@@ -905,6 +905,8 @@
 	case TIOCSSERIAL:
 		return (moxa_set_serial_info(ch, (struct serial_struct *) arg));
 	default:
+		if(!capable(CAP_SYS_RAWIO))
+			return -EPERM;
 		retval = MoxaDriverIoctl(cmd, arg, port);
 	}
 	return (retval);

# origin: marcelo (BitKeeper)
# cset: 1.1560 (2.4) key=41e2ccd0OuVN0bKOhZvnda0zXqnTsA
# inclusion: upstream
# descrition: Brad Spengler: Fix RLIMIT_MEMLOCK issue
# revision date: Thu, 13 Jan 2005 15:12:37 +0900
#
# S rset: ChangeSet|1.1559..1.1560
# I rset: include/linux/mm.h|1.49..1.50
#
# Key:
# S: Skipped  ChangeSet file only
# O: Original Followed by Updated
# U: Updated  Included with updated range of versions
# I: Included Included verbatim
# E: Excluded Excluded on request from user
# D: Deleted  Manually deleted by subsequent user edit
#
#
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2005/01/10 16:43:28-02:00 marcelo@logos.cnet 
#   Brad Spengler: Fix RLIMIT_MEMLOCK issue
# 
# include/linux/mm.h
#   2005/01/10 16:41:47-02:00 marcelo@logos.cnet +8 -0
#   Brad Spengler: Fix RLIMIT_MEMLOCK issue
#   ,
# 
#
===== include/linux/mm.h 1.49 vs 1.50 =====
--- 1.49/include/linux/mm.h	2005-01-07 20:14:01 +09:00
+++ 1.50/include/linux/mm.h	2005-01-11 03:41:47 +09:00
@@ -660,6 +660,14 @@
 		spin_unlock(&vma->vm_mm->page_table_lock);
 		return -ENOMEM;
 	}
+
+	if ((vma->vm_flags & VM_LOCKED) &&
+      	    ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_MEMLOCK].rlim_cur) {
+		spin_unlock(&vma->vm_mm->page_table_lock);
+		return -ENOMEM;
+	}
+
+
 	vma->vm_start = address;
 	vma->vm_pgoff -= grow;
 	vma->vm_mm->total_vm += grow;

Reply to:

References:
- [Fwd: [Full-Disclosure] [grsec] grsecurity 2.1.0 release / 5 Linux kernel advisories]
  - From: Andres Salomon <dilinger@voxel.net>
- Re: [Fwd: [Full-Disclosure] [grsec] grsecurity 2.1.0 release / 5 Linux kernel advisories]
  - From: Horms <horms@debian.org>

Prev by Date: Re: Dropping 2.4 hppa kernel-image packages
Next by Date: Bug#264339: initrd-tools: This happens with swap partition referenced in /etc/fstab
Previous by thread: Re: [Fwd: [Full-Disclosure] [grsec] grsecurity 2.1.0 release / 5 Linux kernel advisories]
Next by thread: Re: [Fwd: [Full-Disclosure] [grsec] grsecurity 2.1.0 release / 5 Linux kernel advisories]
Index(es):
- Date
- Thread