[CVE-2015-3339][PATCH 0/1] Linux: chown() was racy relative to execve()
Luis Henriques
luis.henriques at canonical.com
Mon Apr 27 11:12:03 UTC 2015
Following this email I am sending the backports of the CVE-2015-3339 fix
for Precise, Trusty, Utopic and Vivid (for Vivid the fix is actually
a clean cherry-pick).
Probably the most relevant thing about these backports is the
substitution of READ_ONCE by ACCESS_ONCE. A different approach has
been followed by Debian for their jessie kernel: they seem to have
included commit 230fa253df63 ("kernel: Provide READ_ONCE and
ASSIGN_ONCE") plus a bunch of other commits replacing the usage of
ACCESS_ONCE with READ_ONCE.
Anyway, I've tested all these backports using the PoC available for
this CVE [1] and they seem to be OK.
[1] http://seclists.org/oss-sec/2015/q2/216
Cheers,
--
Luis
Jann Horn (1):
  fs: take i_mutex during prepare_binprm for set[ug]id executables

 fs/exec.c | 69 +++++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 43 insertions(+), 26 deletions(-)