-stable review patch. If anyone has any objections, please let us know.
------------------
From: Adrian Bunk <[email protected]>
initlvl=2 in seclvl gives the guarantee
"Cannot decrement the system time".
But it was possible to set the time to the maximum unixtime value
(19 Jan 2038) resulting in a wrap to the minimum value.
This patch fixes this by disallowing setting the time to any date
after 2031 with initlvl=2.
This patch does not apply to kernel 2.6.19 since the seclvl module was
already removed in this kernel.
Signed-off-by: Adrian Bunk <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
---
security/seclvl.c | 2 ++
1 file changed, 2 insertions(+)
--- linux-2.6.18.2.orig/security/seclvl.c
+++ linux-2.6.18.2/security/seclvl.c
@@ -370,6 +370,8 @@ static int seclvl_settime(struct timespe
current->group_leader->pid);
return -EPERM;
} /* if attempt to decrement time */
+ if (tv->tv_sec > 1924988400) /* disallow dates after 2030) */
+ return -EPERM; /* CVE-2005-4352 */
} /* if seclvl > 1 */
return 0;
}
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]