authorNed Ludd <solar@gentoo.org>2004-08-10 02:32:10 +0000
committerNed Ludd <solar@gentoo.org>2004-08-10 02:32:10 +0000
commit63246d2ee676d583e3f6c351c93ac25fee3cbfdf (patch)
treeff22be91e635587b3f354de4ab22f2e642c4a04c /sys-kernel
parentfix SRC_URI for new patch_pack location (diff)
Potential security issue in /proc/cmdline bug 59905
Diffstat (limited to 'sys-kernel')
-rw-r--r--sys-kernel/grsec-sources/ChangeLog8
-rw-r--r--sys-kernel/grsec-sources/Manifest5
-rw-r--r--sys-kernel/grsec-sources/files/2.4.27-cmdline-race.patch11
-rw-r--r--sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r12
-rw-r--r--sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild71
5 files changed, 95 insertions, 2 deletions
diff --git a/sys-kernel/grsec-sources/ChangeLog b/sys-kernel/grsec-sources/ChangeLog
index 5d8ef3bd77f1..8c67a679617c 100644
--- a/sys-kernel/grsec-sources/ChangeLog
+++ b/sys-kernel/grsec-sources/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-kernel/grsec-sources
# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.30 2004/08/08 19:38:44 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/ChangeLog,v 1.31 2004/08/10 02:32:10 solar Exp $
+
+*grsec-sources-2.4.27.2.0.1-r1 (09 Aug 2004)
+
+ 09 Aug 2004; <solar@gentoo.org> grsec-sources-2.4.27.2.0.1-r1.ebuild,
+ files/2.4.27-cmdline-race.patch:
+ Potential security issue in /proc/cmdline bug 59905
*grsec-sources-2.4.27.2.0.1 (08 Aug 2004)
diff --git a/sys-kernel/grsec-sources/Manifest b/sys-kernel/grsec-sources/Manifest
index f04a26f99844..92b384320780 100644
--- a/sys-kernel/grsec-sources/Manifest
+++ b/sys-kernel/grsec-sources/Manifest
@@ -1,13 +1,16 @@
MD5 49c9741593c223ee98f6ce3b3d6b6ef2 grsec-sources-2.4.26.2.0-r7.ebuild 3568
MD5 bc5832ac6ca39f95dd9520dbd5a2a75c grsec-sources-2.4.27.2.0.1.ebuild 2299
-MD5 28babceb0f3789a4886f59ff87d89982 ChangeLog 6533
+MD5 7a507bbac99adf0d61814d1896621488 ChangeLog 6741
MD5 140d8af1d66f9f6cd030e7d9902f38d9 metadata.xml 478
+MD5 809c905e60037f00f9f8e2223e3e2732 grsec-sources-2.4.27.2.0.1-r1.ebuild 2404
MD5 c47b7075dd1e065b09bb08936c1901a1 files/2.4.26-signal-race.patch 365
MD5 3bdf00d5f80fe9dfbfe8220e076cd04c files/openmosix-sources.CAN-2004-0497.patch 707
MD5 3dac23b6e285462a7cda41505cc698e1 files/2.4.26-CAN-2004-0394.patch 319
MD5 f48595ebd029212cbe8db846556b93cb files/digest-grsec-sources-2.4.27.2.0.1 141
+MD5 f48595ebd029212cbe8db846556b93cb files/digest-grsec-sources-2.4.27.2.0.1-r1 141
MD5 36615aa14e3aed91008beeeb406693bf files/2.4.26-pax-binfmt_elf-page-size.patch 427
MD5 b293289df61d6f42ff54e4e0ceae53cf files/2.4.24-x86.config 2397
MD5 0f66013f643c79c97fda489618a4e2fd files/gentoo-sources-2.4.CAN-2004-0535.patch 476
MD5 dc18e982f8149588a291956481885a8c files/gentoo-sources-2.4.CAN-2004-0495.patch 17549
MD5 2dc3a7f7f036e87ce4af63af31989311 files/digest-grsec-sources-2.4.26.2.0-r7 219
+MD5 d1ccc2047be533c992f67270a150a210 files/2.4.27-cmdline-race.patch 388
diff --git a/sys-kernel/grsec-sources/files/2.4.27-cmdline-race.patch b/sys-kernel/grsec-sources/files/2.4.27-cmdline-race.patch
new file mode 100644
index 000000000000..5f26f7f388f6
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/2.4.27-cmdline-race.patch
@@ -0,0 +1,11 @@
+--- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100
++++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100
+@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_
+ if (mm)
+ atomic_inc(&mm->mm_users);
+ task_unlock(task);
+- if (mm) {
++ if (mm && mm->arg_end) {
+ int len = mm->arg_end - mm->arg_start;
+ if (len > PAGE_SIZE)
+ len = PAGE_SIZE;
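Review bot: With the new condition `if (mm && mm->arg_end)`, a task whose mm is non-NULL but whose arg_end is still 0 skips the block after `atomic_inc(&mm->mm_users)` has already taken a reference just above. The release is not visible in this hunk; if the matching `mmput(mm)` sits inside the guarded block, that reference is never dropped and each such read keeps the mm pinned. Taking the reference only when the check passes avoids that: `if (mm && mm->arg_end) atomic_inc(&mm->mm_users); else mm = NULL;` while task_lock is held, leaving the later test as `if (mm)`. A one-line comment saying why a zero arg_end must be skipped (presumably the argument area is not set up yet during exec — confirm) would help the next reader. proc_pid_cmdline starts and ends outside the hunk.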
diff --git a/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r1 b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r1
new file mode 100644
index 000000000000..2a2cfcf855ce
--- /dev/null
+++ b/sys-kernel/grsec-sources/files/digest-grsec-sources-2.4.27.2.0.1-r1
@@ -0,0 +1,2 @@
+MD5 3431156a47f26a1306f69de009941c63 grsecurity-2.0.1-2.4.27.patch 638046
+MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453
diff --git a/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild b/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild
new file mode 100644
index 000000000000..97cac0d4c305
--- /dev/null
+++ b/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/grsec-sources/grsec-sources-2.4.27.2.0.1-r1.ebuild,v 1.1 2004/08/10 02:32:10 solar Exp $
+
+# We control what versions of what we download based on the KEYWORDS we
+# are using for the various arches. Thus if we want grsec1 stable we run
+# the with "arch" ACCEPT_KEYWORDS or ~arch and we will get the
+# grsec-2.0-preX which has alot more features.
+
+# the only thing that should ever differ in one of these 1.9.x ebuilds
+# and 2.x of the same kernel version is the KEYWORDS and header.
+# shame cvs symlinks don't exist
+
+ETYPE="sources"
+IUSE=""
+
+inherit eutils kernel
+
+[ "$OKV" == "" ] && OKV="2.4.27"
+
+PATCH_BASE="${PV/${OKV}./}"
+PATCH_BASE="${PATCH_BASE/_/-}"
+EXTRAVERSION="-grsec-${PATCH_BASE}"
+KV="${OKV}${EXTRAVERSION}"
+
+PATCH_SRC_BASE="grsecurity-${PATCH_BASE}-${OKV}.patch"
+DESCRIPTION="Vanilla sources of the linux kernel with the grsecurity ${PATCH_BASE} patch"
+CAN_PATCHES=""
+SRC_URI="http://grsecurity.net/grsecurity-${PATCH_BASE}-${OKV}.patch \
+ http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2 ${CAN_PATCHES}"
+#mirror://gentoo/grsecurity-${PATCH_BASE}-${OKV}.patch.bz2
+
+HOMEPAGE="http://www.kernel.org/ http://www.grsecurity.net"
+KEYWORDS="x86 sparc ppc alpha amd64 -hppa"
+
+SLOT="${KV}"
+S="${WORKDIR}/linux-${KV}"
+
+src_unpack() {
+ unpack linux-"${OKV}".tar.bz2 || die "unable to unpack the kernel"
+ mv linux-"${OKV}" linux-"${KV}" || die "unable to move the kernel"
+ cd linux-"${KV}" || die "unable to cd into the kernel source tree"
+
+ patch_grsec_kernel
+
+ mkdir -p docs
+ touch docs/patches.txt
+ kernel_universal_unpack
+}
+
+patch_grsec_kernel() {
+ # users are often confused by what settings should be set.
+ # so we provide an example of what a P4 desktop would look like.
+ cp ${FILESDIR}/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config
+
+
+ [ -f "${DISTDIR}/${PATCH_SRC_BASE}" ] || die "File ${PATCH_SRC_BASE} does not exist?"
+ ebegin "Patching the kernel with ${PATCH_SRC_BASE}"
+ cat ${DISTDIR}/${PATCH_SRC_BASE} | patch -g0 -p1 --quiet
+ [ $? == 0 ] || die "failed patching with ${PATCH_SRC_BASE}"
+ eend 0
+
+ # fix format string problem in panic()
+ epatch ${FILESDIR}/2.4.26-CAN-2004-0394.patch
+
+ # Potential security issue in /proc/cmdline bug 59905
+ epatch ${FILESDIR}/2.4.27-cmdline-race.patch
+
+ return 0
+}
+
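Review bot: Both SRC_URI entries are fetched over plain `http://`, so the only integrity check visible in this commit is the pair of MD5 lines in the new digest file; a comment beside SRC_URI such as `# fetched over http; integrity relies on files/digest-${PF}` would make that dependency explicit. In patch_grsec_kernel the `cp ${FILESDIR}/2.4.24-x86.config ...` line is unquoted and its result is not checked, unlike the `|| die` calls in src_unpack; `cp "${FILESDIR}"/2.4.24-x86.config gentoo-grsec-custom-example-2.4.24-x86.config || die "unable to copy example config"` would match them. The header comment still refers to grsec1 and 1.9.x ebuilds, which looks stale for this 2.0.1 revision and could be trimmed.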