[Lucid][CVE-2013-0160][Patch 0/3] TTY: do not update atime/mtime on read/write

Andy Whitcroft apw at canonical.com
Fri Jan 24 10:58:56 UTC 2014


On Fri, Jan 24, 2014 at 10:07:17AM +0000, Luis Henriques wrote:
> Following this email, I am sending 3 patches for Lucid that backport
> the fix(es) for CVE-2013-0160:
> 
> * b0de59b "TTY: do not update atime/mtime on read/write"
>   This would be a clean cherry-pick if it wasn't for the file rename:
>   file drivers/tty/tty_io.c is drivers/char/tty_io.c in Lucid
> 
> * 37b7f3c "TTY: fix atime/mtime regression"
>   The 2nd hunk of this patch is dropped in this backport as it is
>   already present in Lucid.
> 
> * b0b8856 "tty: fix up atime/mtime mess, take three"
>   This backport drops the first hunk as it depends on commit ecf081d
>   ("vfs: introduce FMODE_NONOTIFY"), which hasn't been backported to
>   Lucid.
> 
> I've tested these patches incrementally, i.e.:
> 
> 1) I was able to verify the 1st one breaks 'w'
> 2) The 2nd one fixes it but 'w' still doesn't provide useful
>   information (updates to 'idle' time take a while)
> 3) The 3rd one finally makes 'w' usable again.
> 
> (Oh, and I've verified the actual CVE is fixed by running the PoCs
> available here: http://vladz.devzero.fr/013_ptmx-timing.php)

Ok, this looks to be missing a bit, the bit for FMODE_NONOTIFY.  There
are two additional commits I think we are going to need here, else the
notify approach will still work:

    commit ecf081d1a73b077916f514f2ec744ded32b88ca1
    Author: Eric Paris <eparis at redhat.com>
    Date:   Thu Dec 17 21:24:25 2009 -0500

	vfs: introduce FMODE_NONOTIFY

and

    commit 12ed2e36c98aec6c41559222e311f4aa15d254b6
    Author: Signed-off-by: Wu Fengguang <fengguang.wu at intel.com>
    Date:   Mon Feb 8 12:31:29 2010 -0500

	fanotify: FMODE_NONOTIFY and __O_SYNC in sparc conflict

In better news the support looks very simple and easy to backport if we
only want this use of it.

-apw




More information about the kernel-team mailing list