Security update patch to 2.6.3 for mremap()?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* Security update patch to 2.6.3 for mremap()?
@ 2004-02-19 14:37 Nur Hussein
  2004-02-19 16:00 ` Diego Calleja García
  0 siblings, 1 reply; 7+ messages in thread
From: Nur Hussein @ 2004-02-19 14:37 UTC (permalink / raw)
  To: linux-kernel

Greetings,
                                                                                                                             I was searching the source and changelogs of 2.6.3 to find the specific
patch that fixed the recent security hole discovered in mremap()
 
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
                                                                                                                             I found Andrew Morton's changelog entry that touched mremap:
 
http://linux.bkbits.net:8080/linux-2.5/cset@1.1557.2.83?nav=index.html|ChangeSet@-2d
                                                                                                                             I noticed however, that a fix to the same problem in 2.4.25 sent by
Andrea Arcangeli adds only one line to a different section of code:
 
http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@1.7?nav=cset@1.1136.94.4
                                                                                                                             Is this line missing from 2.6.3, or did Andrew Morton's fixes address
the problem already?
 
-= Nur Hussein =-



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Security update patch to 2.6.3 for mremap()?
  2004-02-19 14:37 Security update patch to 2.6.3 for mremap()? Nur Hussein
@ 2004-02-19 16:00 ` Diego Calleja García
  2004-02-19 17:37   ` Chris Wright
  2004-02-19 17:43   ` Nur Hussein
  0 siblings, 2 replies; 7+ messages in thread
From: Diego Calleja García @ 2004-02-19 16:00 UTC (permalink / raw)
  To: Nur Hussein; +Cc: linux-kernel

El Thu, 19 Feb 2004 22:37:46 +0800 Nur Hussein <obiwan@slackware.org.my> escribió:

>                                                                                                                              I noticed however, that a fix to the same problem in 2.4.25 sent by
> Andrea Arcangeli adds only one line to a different section of code:
>  
> http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@1.7?nav=cset@1.1136.94.4

AFAIK, the 2.4 path should be this one, shouldn't it?
http://linux.bkbits.net:8080/linux-2.4/patch@1.1323?nav=index.html|ChangeSet@-2d|cset@1.1323

>                                                                                                                              Is this line missing from 2.6.3, or did Andrew Morton's fixes address
> the problem already?

The 2.6 should be this one (comitted 15 days ago):
http://linux.bkbits.net:8080/linux-2.5/diffs/mm/mremap.c@1.38?nav=index.html|src/|src/mm|hist/mm/mremap.c
2.6.3 is safe, it seems

PD: Your mailer is doing very weird things.

	Diego Calleja



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Security update patch to 2.6.3 for mremap()?
  2004-02-19 16:00 ` Diego Calleja García
@ 2004-02-19 17:37   ` Chris Wright
  2004-02-19 17:43   ` Nur Hussein
  1 sibling, 0 replies; 7+ messages in thread
From: Chris Wright @ 2004-02-19 17:37 UTC (permalink / raw)
  To: Diego Calleja García; +Cc: Nur Hussein, linux-kernel

* Diego Calleja García (diegocg@teleline.es) wrote:
> El Thu, 19 Feb 2004 22:37:46 +0800 Nur Hussein <obiwan@slackware.org.my> escribió:
> > http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@1.7?nav=cset@1.1136.94.4
> 
> AFAIK, the 2.4 path should be this one, shouldn't it?
> http://linux.bkbits.net:8080/linux-2.4/patch@1.1323?nav=index.html|ChangeSet@-2d|cset@1.1323

yep.

> > Is this line missing from 2.6.3, or did Andrew Morton's fixes address 
> > the problem already?
> 
> The 2.6 should be this one (comitted 15 days ago):
> http://linux.bkbits.net:8080/linux-2.5/diffs/mm/mremap.c@1.38?nav=index.html|src/|src/mm|hist/mm/mremap.c
> 2.6.3 is safe, it seems

yep.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Security update patch to 2.6.3 for mremap()?
  2004-02-19 16:00 ` Diego Calleja García
  2004-02-19 17:37   ` Chris Wright
@ 2004-02-19 17:43   ` Nur Hussein
  2004-02-19 17:56     ` Chris Wright
  1 sibling, 1 reply; 7+ messages in thread
From: Nur Hussein @ 2004-02-19 17:43 UTC (permalink / raw)
  To: linux-kernel

Thank you for the clarification, and I apologize for my previous email
which went horribly wrong wrt formatting.

> AFAIK, the 2.4 path should be this one, shouldn't it?
> http://linux.bkbits.net:8080/linux-2.4/patch@1.1323?nav=index.html|ChangeSet@-2d|cset@1.1323

> http://linux.bkbits.net:8080/linux-2.5/diffs/mm/mremap.c@1.38?nav=index.html|src/|src/mm|hist/mm/mremap.c
> 2.6.3 is safe, it seems

Yes, those two patches seem to match up.

However, I am still intrigued by this fix:

http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@1.7?nav=cset@1.1136.94.4

It does not seem to be in 2.6.3. I can only assume 2.6.x does not
require it? The Changeset says it is to prevent a potential exploit by
the malicious use of mremap().

-= Nur Hussein =-

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Security update patch to 2.6.3 for mremap()?
  2004-02-19 17:43   ` Nur Hussein
@ 2004-02-19 17:56     ` Chris Wright
  2004-02-20  6:44       ` mremap patches for 2.4 and 2.2? Ville Herva
  0 siblings, 1 reply; 7+ messages in thread
From: Chris Wright @ 2004-02-19 17:56 UTC (permalink / raw)
  To: Nur Hussein; +Cc: linux-kernel

* Nur Hussein (obiwan@slackware.org.my) wrote:
> However, I am still intrigued by this fix:
> 
> http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@1.7?nav=cset@1.1136.94.4
> 
> It does not seem to be in 2.6.3. I can only assume 2.6.x does not
> require it? The Changeset says it is to prevent a potential exploit by
> the malicious use of mremap().

It's fixed in 2.6 as well.

http://linux.bkbits.net:8080/linux-2.5/diffs/mm/mremap.c@1.35?nav=index.html|src/|src/mm|hist/mm/mremap.c

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

^ permalink raw reply	[flat|nested] 7+ messages in thread

* mremap patches for 2.4 and 2.2?
  2004-02-19 17:56     ` Chris Wright
@ 2004-02-20  6:44       ` Ville Herva
  0 siblings, 0 replies; 7+ messages in thread
From: Ville Herva @ 2004-02-20  6:44 UTC (permalink / raw)
  To: Chris Wright; +Cc: Nur Hussein, linux-kernel

On Thu, Feb 19, 2004 at 09:56:36AM -0800, you [Chris Wright] wrote:
> * Nur Hussein (obiwan@slackware.org.my) wrote:
> > However, I am still intrigued by this fix:
> > 
> > http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@1.7?nav=cset@1.1136.94.4
> > 
> > It does not seem to be in 2.6.3. I can only assume 2.6.x does not
> > require it? The Changeset says it is to prevent a potential exploit by
> > the malicious use of mremap().
> 
> It's fixed in 2.6 as well.
> 
> http://linux.bkbits.net:8080/linux-2.5/diffs/mm/mremap.c@1.35?nav=index.html|src/|src/mm|hist/mm/mremap.c

Are these the sole patches one should apply for this vulnerability if
patching an older 2.4 or 2.6?

Is there a patch for 2.2 somewhere?


-- v --

v@iki.fi

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: mremap patches for 2.4 and 2.2?
       [not found] <200402200946.i1K9k2OH015422@sunrise.pg.gda.pl>
@ 2004-02-20 10:13 ` Andrzej Krzysztofowicz
  0 siblings, 0 replies; 7+ messages in thread
From: Andrzej Krzysztofowicz @ 2004-02-20 10:13 UTC (permalink / raw)
  To: vherva; +Cc: kernel list

> On Thu, Feb 19, 2004 at 09:56:36AM -0800, you [Chris Wright] wrote:
> > * Nur Hussein (obiwan@slackware.org.my) wrote:
> > > However, I am still intrigued by this fix:
> > > 
> > > http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@1.7?nav=cset@1.1136.94.4
> > > 
> > > It does not seem to be in 2.6.3. I can only assume 2.6.x does not
> > > require it? The Changeset says it is to prevent a potential exploit by
> > > the malicious use of mremap().
> > 
> > It's fixed in 2.6 as well.
> > 
> > http://linux.bkbits.net:8080/linux-2.5/diffs/mm/mremap.c@1.35?nav=index.html|src/|src/mm|hist/mm/mremap.c
> 
> Are these the sole patches one should apply for this vulnerability if
> patching an older 2.4 or 2.6?
> 
> Is there a patch for 2.2 somewhere?

linux-2.2-mremap-munmap.patch

You can get it from cvs.pld-linux.org CVS or extract from:
ftp://ftp.pld-linux.org/dists/ra/updates/security/SRPMS/kernel-2.2.25-4.src.rpm

-- 
=======================================================================
  Andrzej M. Krzysztofowicz               ankry@mif.pg.gda.pl
  phone (48)(58) 347 14 61
Faculty of Applied Phys. & Math.,   Gdansk University of Technology

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2004-02-20 10:13 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-02-19 14:37 Security update patch to 2.6.3 for mremap()? Nur Hussein
2004-02-19 16:00 ` Diego Calleja García
2004-02-19 17:37   ` Chris Wright
2004-02-19 17:43   ` Nur Hussein
2004-02-19 17:56     ` Chris Wright
2004-02-20  6:44       ` mremap patches for 2.4 and 2.2? Ville Herva
     [not found] <200402200946.i1K9k2OH015422@sunrise.pg.gda.pl>
2004-02-20 10:13 ` Andrzej Krzysztofowicz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox