fix Linux kernel minor signal handling vulnerability (closes: #4912)
authorNicolas Thill <nico@openwrt.org>
Fri, 10 Apr 2009 12:01:54 +0000 (12:01 +0000)
committerNicolas Thill <nico@openwrt.org>
Fri, 10 Apr 2009 12:01:54 +0000 (12:01 +0000)
SVN-Revision: 15190

target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch [new file with mode: 0644]

diff --git a/target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch
new file mode 100644 (file)
index 0000000..2787738
--- /dev/null
@@ -0,0 +1,15 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1202,7 +1202,9 @@ static struct task_struct *copy_process(
+       p->parent_exec_id = p->self_exec_id;
+       /* ok, now we should be set up.. */
+-      p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
++      p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 :
++                       (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal :
++                       (clone_flags & CSIGNAL);
+       p->pdeath_signal = 0;
+       p->exit_state = 0;
diff --git a/target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch
new file mode 100644 (file)
index 0000000..6859254
--- /dev/null
@@ -0,0 +1,15 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1246,7 +1246,9 @@ static struct task_struct *copy_process(
+       p->parent_exec_id = p->self_exec_id;
+       /* ok, now we should be set up.. */
+-      p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
++      p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 :
++                       (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal :
++                       (clone_flags & CSIGNAL);
+       p->pdeath_signal = 0;
+       p->exit_state = 0;
diff --git a/target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch
new file mode 100644 (file)
index 0000000..8b129a7
--- /dev/null
@@ -0,0 +1,15 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1114,7 +1114,9 @@ static struct task_struct *copy_process(
+       p->parent_exec_id = p->self_exec_id;
+       /* ok, now we should be set up.. */
+-      p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
++      p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 :
++                       (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal :
++                       (clone_flags & CSIGNAL);
+       p->pdeath_signal = 0;
+       p->exit_state = 0;