Re: ABI change in fix for CVE-2008-5029
On Fri, Nov 14, 2008 at 01:29:05PM -0700, dann frazier wrote:
> Because this affects a significant number of symbols, it doesn't look
> to me like a safe thing to ignore w/ the #ifdef __GENKSYMS__ trick, so
> it's looking like we need to increment the ABI for the stable kernels,
> and perhaps the lenny kernel. Do others on the team have a different
> opinion?
You did not dig deep enough. It is a change in the task_struct. As long
as this struct is never allocated outside of the core kernel (doing so
would be insane anyway), the following patch will do.
| --- a/include/linux/sched.h
| +++ b/include/linux/sched.h
| @@ -1288,8 +1288,6 @@ struct task_struct {
| atomic_t fs_excl; /* holding fs exclusive resources */
| struct rcu_head rcu;
|
| - struct list_head *scm_work_list;
| -
| /*
| * cache last used pipe for splice
| */
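Review bot: Removing scm_work_list from between rcu and the splice cache comment puts every member after rcu back at its earlier offset, but nothing at this spot says the field is being moved rather than dropped. State in the commit message that this removal is paired with the re-addition at the end of task_struct, so the hunk is not read on its own as deleting the member.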
| @@ -1305,6 +1303,10 @@ struct task_struct {
| int latency_record_count;
| struct latency_record latency_record[LT_SAVECOUNT];
| #endif
| +
| +#ifndef __GENKSYMS__
| + struct list_head *scm_work_list;
| +#endif
| };
|
| /*
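Review bot: The #ifndef __GENKSYMS__ block at the end of task_struct has no comment explaining why the member is hidden from genksyms, so a later cleanup of sched.h could move it back or drop the guard. Add a short comment saying that scm_work_list sits last and is excluded from the symbol checksums to keep the ABI unchanged, and that this only holds while task_struct is allocated by the core kernel alone, since the struct size still grows. Worth noting too that the member follows an #endif, so its offset depends on how the block before it is configured.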
However, there is a second change: scm_*, four or so. These symbols are
only used inside the core (by the unix and netlink socket support), so I
would ignore that.
Bastian
--
No one may kill a man. Not for any purpose. It cannot be condoned.
-- Kirk, "Spock's Brain", stardate 5431.6
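The layout argument made in the message above, as an added example that is not part of the original mail or of the kernel source: the structs below are constructed, cut-down stand-ins for task_struct, and the helper names are hypothetical. It compares member offsets for the pre-fix layout, the layout with the new member in the middle, and the layout with it moved to the end.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel types; only their sizes matter here. */
struct list_head { struct list_head *next, *prev; };
struct rcu_head  { struct rcu_head *next; void (*func)(struct rcu_head *); };

/* Layout that existing modules were built against (before the fix). */
struct task_old  { int fs_excl; struct rcu_head rcu;
                   void *splice_pipe; int latency_record_count; };
/* New member placed in the middle, after rcu. */
struct task_mid  { int fs_excl; struct rcu_head rcu; struct list_head *scm_work_list;
                   void *splice_pipe; int latency_record_count; };
/* New member moved to the end, as the patch does. */
struct task_tail { int fs_excl; struct rcu_head rcu;
                   void *splice_pipe; int latency_record_count;
                   struct list_head *scm_work_list; };

#define SAME(a, b, m) (offsetof(struct a, m) == offsetof(struct b, m))

/* 1 if every member an old module knows keeps its offset in the tail layout. */
int tail_keeps_offsets(void) {
    return SAME(task_old, task_tail, fs_excl) &&
           SAME(task_old, task_tail, rcu) &&
           SAME(task_old, task_tail, splice_pipe) &&
           SAME(task_old, task_tail, latency_record_count);
}

/* Bytes by which splice_pipe moves when the new member sits in the middle. */
long mid_shift(void) {
    return (long)offsetof(struct task_mid, splice_pipe) -
           (long)offsetof(struct task_old, splice_pipe);
}

/* The struct still grows, so only the core kernel may allocate it. */
int tail_is_larger(void) {
    return sizeof(struct task_tail) > sizeof(struct task_old);
}

int main(void) {
    printf("tail layout keeps old offsets: %d\n", tail_keeps_offsets());
    printf("middle layout shifts splice_pipe by %ld bytes\n", mid_shift());
    printf("tail layout is larger than old: %d\n", tail_is_larger());
    return 0;
}
```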