From 7f9deabdac7a8fd2c923977062cb137e77650876 Mon Sep 17 00:00:00 2001 From: Nicolas Thill Date: Fri, 10 Apr 2009 12:01:54 +0000 Subject: [PATCH] fix Linux kernel minor signal handling vulnerability (closes: #4912) SVN-Revision: 15190 --- .../patches-2.6.24/991-cve-2009-0028.patch | 15 +++++++++++++++ .../patches-2.6.25/991-cve-2009-0028.patch | 15 +++++++++++++++ .../patches-2.6.26/991-cve-2009-0028.patch | 15 +++++++++++++++ 3 files changed, 45 insertions(+) create mode 100644 target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch create mode 100644 target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch create mode 100644 target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch diff --git a/target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch new file mode 100644 index 0000000000..2787738563 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.24/991-cve-2009-0028.patch @@ -0,0 +1,15 @@ +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 + +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -1202,7 +1202,9 @@ static struct task_struct *copy_process( + p->parent_exec_id = p->self_exec_id; + + /* ok, now we should be set up.. */ +- p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL); ++ p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : ++ (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal : ++ (clone_flags & CSIGNAL); + p->pdeath_signal = 0; + p->exit_state = 0; + diff --git a/target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch new file mode 100644 index 0000000000..685925436b --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.25/991-cve-2009-0028.patch @@ -0,0 +1,15 @@ +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 + +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -1246,7 +1246,9 @@ static struct task_struct *copy_process( + p->parent_exec_id = p->self_exec_id; + + /* ok, now we should be set up.. */ +- p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL); ++ p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : ++ (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal : ++ (clone_flags & CSIGNAL); + p->pdeath_signal = 0; + p->exit_state = 0; + diff --git a/target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch new file mode 100644 index 0000000000..8b129a739e --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.26/991-cve-2009-0028.patch @@ -0,0 +1,15 @@ +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 + +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -1114,7 +1114,9 @@ static struct task_struct *copy_process( + p->parent_exec_id = p->self_exec_id; + + /* ok, now we should be set up.. */ +- p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL); ++ p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : ++ (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal : ++ (clone_flags & CSIGNAL); + p->pdeath_signal = 0; + p->exit_state = 0; + -- 2.30.2