[patch 21/30] security/seclvl.c: fix time wrap (CVE-2005-4352)

-stable review patch.  If anyone has any objections, please let us know.
------------------

From: Adrian Bunk <[email protected]>

initlvl=2 in seclvl gives the guarantee
"Cannot decrement the system time".

But it was possible to set the time to the maximum unixtime value 
(19 Jan 2038) resulting in a wrap to the minimum value.

This patch fixes this by disallowing setting the time to any date
after 2031 with initlvl=2.

This patch does not apply to kernel 2.6.19 since the seclvl module was 
already removed in this kernel.

Signed-off-by: Adrian Bunk <[email protected]>
Signed-off-by: Chris Wright <[email protected]>

---
 security/seclvl.c |    2 ++
 1 file changed, 2 insertions(+)

--- linux-2.6.18.2.orig/security/seclvl.c
+++ linux-2.6.18.2/security/seclvl.c
@@ -370,6 +370,8 @@ static int seclvl_settime(struct timespe
 				      current->group_leader->pid);
 			return -EPERM;
 		}		/* if attempt to decrement time */
+		if (tv->tv_sec > 1924988400)	/* disallow dates after 2030) */
+			return -EPERM;		/* CVE-2005-4352 */
 	}			/* if seclvl > 1 */
 	return 0;
 }
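
Review bot: The cutoff on the added line "if (tv->tv_sec > 1924988400)" is a bare magic number, and its comment does not match the changelog. 1924988400 is 2030-12-31 23:00:00 UTC, one hour before 2031-01-01 00:00:00 UTC (1924992000), so it looks like it was computed from a local-time midnight. The comment says "after 2030)" with an unbalanced parenthesis, while the description says "after 2031". Suggest a named constant with a comment giving the exact UTC instant it represents, so the limit can be checked against the 2038 wrap it is meant to stay clear of. Also, the decrement branch just above appears to log the attempt before returning (its call ends in "current->group_leader->pid);"), whereas this branch returns -EPERM silently. A matching warning here would leave an audit trail for rejected attempts to set the clock forward.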
