[CVE-2015-3339][PATCH 0/1] Linux: chown() was racy relative to execve()
Luis Henriques
luis.henriques at canonical.com
Mon Apr 27 11:11:25 UTC 2015
On Mon, Apr 27, 2015 at 12:07:55PM +0100, Luis Henriques wrote:
> Following this email I am sending the backports of CVE-2015-3339 fix
> for Precise, Trusty, Utopic and Vivid (for Vivid the fix is actually
> a clean cherry-pick).
>
Damn! I forgot to update the patches' subject lines to include the
series they apply to. Please discard these; I'll resend in a second.
Cheers,
--
Luís
> Probably the most relevant thing about these backports is the
> substitution of READ_ONCE by ACCESS_ONCE. A different approach has
> been followed by Debian to their jessie kernel: they seem to have
> included commit 230fa253df63 ("kernel: Provide READ_ONCE and
> ASSIGN_ONCE") plus a bunch of other commits replacing the usage of
> ACCESS_ONCE with READ_ONCE.
>
> Anyway, I've tested all these backports using the PoC available for
> this CVE [1] and they seem to be OK.
>
> [1] http://seclists.org/oss-sec/2015/q2/216
>
> Cheers,
> --
> Luis
>
> Jann Horn (1):
> fs: take i_mutex during prepare_binprm for set[ug]id executables
>
> fs/exec.c | 69 +++++++++++++++++++++++++++++++++++++++------------------------
> 1 file changed, 43 insertions(+), 26 deletions(-)
>
>