[Lucid][CVE-2013-0160][Patch 0/3] TTY: do not update atime/mtime on read/write
Luis Henriques
luis.henriques at canonical.com
Fri Jan 24 10:07:17 UTC 2014
Following this email, I am sending 3 patches for Lucid that backport
the fix(es) for CVE-2013-0160:
* b0de59b "TTY: do not update atime/mtime on read/write"
This would be a clean cherry-pick if it wasn't for the file rename:
file drivers/tty/tty_io.c is drivers/char/tty_io.c in Lucid
* 37b7f3c "TTY: fix atime/mtime regression"
The 2nd hunk of this patch is dropped in this backport as it is
already present in Lucid.
* b0b8856 "tty: fix up atime/mtime mess, take three"
This backport drops the first hunk as it depends on commit ecf081d
("vfs: introduce FMODE_NONOTIFY"), which hasn't been backported to
Lucid.
I've tested these patches incrementally, i.e.:
1) I was able to verify the 1st one breaks 'w'
2) The 2nd one fixes it but 'w' still doesn't provide useful
information (updates to 'idle' time take a while)
3) The 3rd one finally makes 'w' usable again.
(Oh, and I've verified the actual CVE is fixed by running the PoCs
available here: http://vladz.devzero.fr/013_ptmx-timing.php)
Jiri Slaby (2):
TTY: do not update atime/mtime on read/write
TTY: fix atime/mtime regression
Linus Torvalds (1):
tty: fix up atime/mtime mess, take three
drivers/char/tty_io.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--
1.8.3.2
More information about the kernel-team
mailing list