| Message ID | 1303159976.29132.31.camel@emiko |
|---|---|
| State | New |
| Headers | show |
On 04/18/2011 01:52 PM, Leann Ogasawara wrote: > The following changes since commit edf1830290f88fb7c7c8baebd1fa7c49e8c522c4: > Mel Gorman (1): > UBUNTU: (pre-stable) mm: page allocator: adjust the per-cpu counter threshold when memory is low > > are available in the git repository at: > > git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2010-4565 > > Dan Rosenberg (1): > CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565 > > net/can/bcm.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > From 3e9b5670cda97a3a3d6810f3095ff8d2430e0b85 Mon Sep 17 00:00:00 2001 > From: Dan Rosenberg<drosenberg@vsecurity.com> > Date: Sun, 26 Dec 2010 06:54:53 +0000 > Subject: [PATCH] CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565 > > BugLink: http://bugs.launchpad.net/bugs/765007 > > CVE-2010-4565 > > Since the socket address is just being used as a unique identifier, its > inode number is an alternative that does not leak potentially sensitive > information. > > CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue. > > Signed-off-by: Dan Rosenberg<drosenberg@vsecurity.com> > Acked-by: Oliver Hartkopp<socketcan@hartkopp.net> > Signed-off-by: David S. Miller<davem@davemloft.net> > (cherry picked from commit 9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83) > > Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com> > --- > net/can/bcm.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/can/bcm.c b/net/can/bcm.c > index 6faa825..9d5e8ac 100644 > --- a/net/can/bcm.c > +++ b/net/can/bcm.c > @@ -125,7 +125,7 @@ struct bcm_sock { > struct list_head tx_ops; > unsigned long dropped_usr_msgs; > struct proc_dir_entry *bcm_proc_read; > - char procname [20]; /* pointer printed in ASCII with \0 */ > + char procname [32]; /* inode number in decimal with \0 */ > }; > > static inline struct bcm_sock *bcm_sk(const struct sock *sk) > @@ -1521,7 +1521,7 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, > > if (proc_dir) { > /* unique socket address as filename */ > - sprintf(bo->procname, "%p", sock); > + sprintf(bo->procname, "%lu", sock_i_ino(sk)); > bo->bcm_proc_read = proc_create_data(bo->procname, 0644, > proc_dir, > &bcm_proc_fops, sk); Seems clean enough. Acked-by: Brad Figg <brad.figg@canonical.com>
On 04/18/2011 02:52 PM, Leann Ogasawara wrote: > The following changes since commit edf1830290f88fb7c7c8baebd1fa7c49e8c522c4: > Mel Gorman (1): > UBUNTU: (pre-stable) mm: page allocator: adjust the per-cpu counter threshold when memory is low > > are available in the git repository at: > > git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2010-4565 > > Dan Rosenberg (1): > CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565 > > net/can/bcm.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > From 3e9b5670cda97a3a3d6810f3095ff8d2430e0b85 Mon Sep 17 00:00:00 2001 > From: Dan Rosenberg<drosenberg@vsecurity.com> > Date: Sun, 26 Dec 2010 06:54:53 +0000 > Subject: [PATCH] CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565 > > BugLink: http://bugs.launchpad.net/bugs/765007 > > CVE-2010-4565 > > Since the socket address is just being used as a unique identifier, its > inode number is an alternative that does not leak potentially sensitive > information. > > CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue. > > Signed-off-by: Dan Rosenberg<drosenberg@vsecurity.com> > Acked-by: Oliver Hartkopp<socketcan@hartkopp.net> > Signed-off-by: David S. Miller<davem@davemloft.net> > (cherry picked from commit 9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83) > > Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com> > --- > net/can/bcm.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/can/bcm.c b/net/can/bcm.c > index 6faa825..9d5e8ac 100644 > --- a/net/can/bcm.c > +++ b/net/can/bcm.c > @@ -125,7 +125,7 @@ struct bcm_sock { > struct list_head tx_ops; > unsigned long dropped_usr_msgs; > struct proc_dir_entry *bcm_proc_read; > - char procname [20]; /* pointer printed in ASCII with \0 */ > + char procname [32]; /* inode number in decimal with \0 */ > }; > > static inline struct bcm_sock *bcm_sk(const struct sock *sk) > @@ -1521,7 +1521,7 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, > > if (proc_dir) { > /* unique socket address as filename */ > - sprintf(bo->procname, "%p", sock); > + sprintf(bo->procname, "%lu", sock_i_ino(sk)); > bo->bcm_proc_read = proc_create_data(bo->procname, 0644, > proc_dir, > &bcm_proc_fops, sk); Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 04/18/2011 02:52 PM, Leann Ogasawara wrote:
> git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2010-4565
applied
diff --git a/net/can/bcm.c b/net/can/bcm.c index 6faa825..9d5e8ac 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c @@ -125,7 +125,7 @@ struct bcm_sock { struct list_head tx_ops; unsigned long dropped_usr_msgs; struct proc_dir_entry *bcm_proc_read; - char procname [20]; /* pointer printed in ASCII with \0 */ + char procname [32]; /* inode number in decimal with \0 */ }; static inline struct bcm_sock *bcm_sk(const struct sock *sk) @@ -1521,7 +1521,7 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, if (proc_dir) { /* unique socket address as filename */ - sprintf(bo->procname, "%p", sock); + sprintf(bo->procname, "%lu", sock_i_ino(sk)); bo->bcm_proc_read = proc_create_data(bo->procname, 0644, proc_dir, &bcm_proc_fops, sk);
The following changes since commit edf1830290f88fb7c7c8baebd1fa7c49e8c522c4: Mel Gorman (1): UBUNTU: (pre-stable) mm: page allocator: adjust the per-cpu counter threshold when memory is low are available in the git repository at: git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2010-4565 Dan Rosenberg (1): CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565 net/can/bcm.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) From 3e9b5670cda97a3a3d6810f3095ff8d2430e0b85 Mon Sep 17 00:00:00 2001 From: Dan Rosenberg <drosenberg@vsecurity.com> Date: Sun, 26 Dec 2010 06:54:53 +0000 Subject: [PATCH] CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565 BugLink: http://bugs.launchpad.net/bugs/765007 CVE-2010-4565 Since the socket address is just being used as a unique identifier, its inode number is an alternative that does not leak potentially sensitive information. CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83) Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com> --- net/can/bcm.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)