[Lucid][CVE-2013-0160][PATCH v2 6/7] TTY: fix atime/mtime regression
Luis Henriques
luis.henriques at canonical.com
Fri Jan 24 14:17:24 UTC 2014
From: Jiri Slaby <jslaby at suse.cz>
CVE-2013-0160
BugLink: http://bugs.launchpad.net/bugs/1097680
In commit b0de59b5733d ("TTY: do not update atime/mtime on read/write")
we removed timestamps from tty inodes to fix a security issue and waited
to see if something breaks. Well, 'w', the utility to find out logged users
and their inactivity time, broke. It shows that users are inactive since
the time they logged in.
To revert to the old behaviour while still preventing attackers from
guessing the password length, we update the timestamps in one-minute
intervals by this patch.
Signed-off-by: Jiri Slaby <jslaby at suse.cz>
Cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
(back ported from commit 37b7f3c76595e23257f61bd80b223de8658617ee)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/char/tty_io.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index 94236ca..3dd0586 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -856,6 +856,14 @@ void start_tty(struct tty_struct *tty)
EXPORT_SYMBOL(start_tty);
+static void tty_update_time(struct timespec *time)
+{
+ unsigned long sec = get_seconds();
+ sec -= sec % 60;
+ if ((long)(sec - time->tv_sec) > 0)
+ time->tv_sec = sec;
+}
+
/**
* tty_read - read method for tty device files
* @file: pointer to tty file
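Review bot: tty_update_time() carries no comment saying why the value is truncated with "sec -= sec % 60", and the 60 is a bare literal. The commit message gives the reason (one-minute granularity so the timestamps cannot be used to guess the password length), but a later reader of tty_io.c will not see it, so a short kernel-doc or block comment above the helper, or a named constant for the interval, would keep someone from "fixing" the coarse granularity. The helper also writes only time->tv_sec and leaves tv_nsec at whatever it held before; if that is intentional it is worth stating in the same comment. The "(long)(sec - time->tv_sec) > 0" test, which only ever moves the stamp forward, deserves a word there too.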
@@ -895,6 +903,9 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
i = -EIO;
tty_ldisc_deref(ld);
+ if (i > 0)
+ tty_update_time(&inode->i_atime);
+
return i;
}
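Review bot: "inode" in "tty_update_time(&inode->i_atime)" is not declared anywhere in this hunk, whereas the do_tty_write() hunk adds its own "struct inode *inode" local. Since this is a backport to drivers/char/tty_io.c, please confirm that tty_read() in this tree already has an inode local that points at the file's inode at this point, after tty_ldisc_deref(ld). The "if (i > 0)" guard itself looks right: atime moves only when data was actually returned, not on the -EIO path shown above.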
@@ -993,8 +1004,11 @@ static inline ssize_t do_tty_write(
break;
cond_resched();
}
- if (written)
+ if (written) {
+ struct inode *inode = file->f_path.dentry->d_inode;
+ tty_update_time(&inode->i_mtime);
ret = written;
+ }
out:
tty_write_unlock(tty);
return ret;
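Review bot: The two call sites obtain the inode differently. Here it is derived inline with "file->f_path.dentry->d_inode" inside the "if (written)" block, while the tty_read() hunk uses an existing local. Letting the helper take the struct file (or the inode) and pick the field itself would make both callers symmetric and leave a single place that touches tty timestamps, which matters because the one-minute rounding only protects anything if every atime/mtime writer for the tty goes through tty_update_time(). A one-line comment at this call noting that mtime is deliberately minute-granular would also help.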
--
1.8.3.2