Re: CVE-2011-1833
On Fri, Mar 23, 2012 at 04:03:28PM +0100, Laurent Bonnaud wrote:
> Hi,
>
> I am looking at this page:
>
> http://security-tracker.debian.org/tracker/CVE-2011-1833
>
> and kernel 3.2.12-1 in sid and wheezy is marked as vulnerable. However
> the fix for this bug is here:
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=764355487ea220fdc2faf128d577d7f679b91f97
>
> and one can check in the Debian source package that this fix is present:
>
> $ grep -r check_ruid .
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c: * @check_ruid: set to 1 if device uid should be checked against the ruid
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c: uid_t *check_ruid)
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c: *check_ruid = 0;
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c: *check_ruid = 1;
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c: uid_t check_ruid;
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c: rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
> ./linux-2.6-3.2.12/fs/ecryptfs/main.c: if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
>
> So could somebody mark this bug as fixed in sid+wheezy?
This was already fixed in the mean time.
Cheers,
Moritz
Reply to: