Version bump for kernel attribute vulnerabilities, bug #56479.

3 files changed, 75 insertions, 0 deletions

diff --git a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.7-r1 b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.7-r2
index 44de8f6c9172..44de8f6c9172 100644
--- a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.7-r1
+++ b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.7-r2
diff --git a/sys-kernel/xbox-sources/files/xbox-sources.CAN-2004-0497.patch b/sys-kernel/xbox-sources/files/xbox-sources.CAN-2004-0497.patch
new file mode 100644
index 000000000000..41b3196f84ea
--- /dev/null
+++ b/sys-kernel/xbox-sources/files/xbox-sources.CAN-2004-0497.patch
@@ -0,0 +1,26 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/07/02 20:55:04-07:00 chrisw@osdl.org 
+#   [PATCH] chown permission check fix for ATTR_GID
+#   
+#   SuSE discovered this problem with chown and ATTR_GID.  Make sure user
+#   is authorized to change the group, CAN-2004-0497.
+# 
+# fs/attr.c
+#   2004/07/02 09:07:32-07:00 chrisw@osdl.org +2 -1
+#   chown permission check fix for ATTR_GID
+# 
+diff -Nru a/fs/attr.c b/fs/attr.c
+--- a/fs/attr.c	2004-07-08 16:35:57 -07:00
++++ b/fs/attr.c	2004-07-08 16:35:57 -07:00
+@@ -35,7 +35,8 @@
+ 
+ 	/* Make sure caller can chgrp. */
+ 	if ((ia_valid & ATTR_GID) &&
+-	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) &&
++	    (current->fsuid != inode->i_uid ||
++	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
+ 	    !capable(CAP_CHOWN))
+ 		goto error;
+ 
diff --git a/sys-kernel/xbox-sources/files/xbox-sources.ProcPerms.patch b/sys-kernel/xbox-sources/files/xbox-sources.ProcPerms.patch
new file mode 100644
index 000000000000..d90b8d1815d4
--- /dev/null
+++ b/sys-kernel/xbox-sources/files/xbox-sources.ProcPerms.patch
@@ -0,0 +1,49 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/07/02 18:48:26-07:00 chrisw@osdl.org 
+#   [PATCH] check attr updates in /proc
+#   
+#   Any proc entry with default proc_file_inode_operations allow unauthorized
+#   attribute updates.  This is very dangerous for proc entries that rely
+#   solely on file permissions for open/read/write.
+#   
+#   Signed-off-by: Chris Wright <chrisw@osdl.org>
+#   Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+# 
+# fs/proc/generic.c
+#   2004/07/02 15:47:55-07:00 chrisw@osdl.org +14 -7
+#   check attr updates in /proc
+# 
+diff -Nru a/fs/proc/generic.c b/fs/proc/generic.c
+--- a/fs/proc/generic.c	2004-07-08 17:03:20 -07:00
++++ b/fs/proc/generic.c	2004-07-08 17:03:20 -07:00
+@@ -231,14 +231,21 @@
+ static int proc_notify_change(struct dentry *dentry, struct iattr *iattr)
+ {
+ 	struct inode *inode = dentry->d_inode;
+-	int error = inode_setattr(inode, iattr);
+-	if (!error) {
+-		struct proc_dir_entry *de = PDE(inode);
+-		de->uid = inode->i_uid;
+-		de->gid = inode->i_gid;
+-		de->mode = inode->i_mode;
+-	}
++	struct proc_dir_entry *de = PDE(inode);
++	int error;
+ 
++	error = inode_change_ok(inode, iattr);
++	if (error)
++		goto out;
++
++	error = inode_setattr(inode, iattr);
++	if (error)
++		goto out;
++	
++	de->uid = inode->i_uid;
++	de->gid = inode->i_gid;
++	de->mode = inode->i_mode;
++out:
+ 	return error;
+ }
+