[2.6.22.y] CVE2007-6206 fix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-- 
Thanks,
Oliver
I backported this patch to 2.6.22.y tree.

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6206

    ---

    original patch:

    c46f739dd39db3b07ab5deb4e3ec81e1c04a91af in linux-2.6.git

    Ingo Molnar [Wed, 28 Nov 2007 12:59:18 +0000 (13:59 +0100)]
     fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043

     only allow coredumping to the same uid that the coredumping
     task runs under.

    Signed-off-by: Oliver Pinter <[email protected]>


---
 fs/exec.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index 3da429d..224e973 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1561,6 +1561,12 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs)
 	   but keep the previous behaviour for now. */
 	if (!ispipe && !S_ISREG(inode->i_mode))
 		goto close_fail;
+	/*
+	 * Dont allow local users get cute and trick others to coredump
+	 * into their pre-created files:
+	 */
+	if (inode->i_uid != current->fsuid)
+		goto close_fail;
 	if (!file->f_op)
 		goto close_fail;
 	if (!file->f_op->write)

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux