From: Nicolas Thill <nico@openwrt.org>
Date: Fri, 10 Apr 2009 12:01:54 +0000 (+0000)
Subject: fix Linux kernel minor signal handling vulnerability (closes: #4912)
X-Git-Tag: 8.09.1~125
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=7f9deabdac7a8fd2c923977062cb137e77650876;p=openwrt%2Fsvn-archive%2Fopenwrt.git

fix Linux kernel minor signal handling vulnerability (closes: #4912)

SVN-Revision: 15190
---

diff --git a/target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch
new file mode 100644
index 0000000000..2787738563
--- /dev/null
+++ b/target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch
@@ -0,0 +1,15 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1202,7 +1202,9 @@ static struct task_struct *copy_process(
+ 	p->parent_exec_id = p->self_exec_id;
+ 
+ 	/* ok, now we should be set up.. */
+-	p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
++	p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 :
++			 (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal :
++			 (clone_flags & CSIGNAL);
+ 	p->pdeath_signal = 0;
+ 	p->exit_state = 0;
+ 
diff --git a/target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch
new file mode 100644
index 0000000000..685925436b
--- /dev/null
+++ b/target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch
@@ -0,0 +1,15 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1246,7 +1246,9 @@ static struct task_struct *copy_process(
+ 	p->parent_exec_id = p->self_exec_id;
+ 
+ 	/* ok, now we should be set up.. */
+-	p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
++	p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 :
++			 (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal :
++			 (clone_flags & CSIGNAL);
+ 	p->pdeath_signal = 0;
+ 	p->exit_state = 0;
+ 
diff --git a/target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch
new file mode 100644
index 0000000000..8b129a739e
--- /dev/null
+++ b/target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch
@@ -0,0 +1,15 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1114,7 +1114,9 @@ static struct task_struct *copy_process(
+ 	p->parent_exec_id = p->self_exec_id;
+ 
+ 	/* ok, now we should be set up.. */
+-	p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
++	p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 :
++			 (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal :
++			 (clone_flags & CSIGNAL);
+ 	p->pdeath_signal = 0;
+ 	p->exit_state = 0;
+