NAK: [X] [PATCH] fixes for LP: #1415636/CVE-2015-1350

José Pekkarinen jose.pekkarinen at canonical.com
Thu Aug 2 09:03:53 UTC 2018


On Thursday, 2 August 2018 11:01:34 EEST Kleber Souza wrote:
> On 08/01/18 16:58, José Pekkarinen wrote:
> > fs: Avoid premature clearing of capabilities(030b533c4fd)
> > Reviewed-by: Christoph Hellwig <hch at lst.de>
> > by: Jan Kara <jack at suse.cz>
> > 
> > It's applied on:
> > 
> > UBUNTU: Ubuntu-lts-3.19.0-82.90~14.04.1(ceea1114793f68).
> > Signed-off-by: Brad Figg <brad.figg at canonical.com>
> 
> Hi José,
> 
> We don't have any 3.19 based kernel that's currently supported, was the
> patch really backported for the version stated above?

	Yes, it is. I didn't find any other 3.x kernel for xenial, and 4.x is
supposed not to be affected according to the information on the CVE. Is there
any source I'm missing on the run?
 
> > Currently, notify_change() clears capabilities or IMA attributes by
> > calling security_inode_killpriv() before calling into ->setattr. Thus it
> > happens before any other permission checks in inode_change_ok() and user
> > is thus allowed to trigger clearing of capabilities or IMA attributes
> > for any file he can look up e.g. by calling chown for that file. This is
> > unexpected and can lead to user DoSing a system.
> > 
> > Fix the problem by calling security_inode_killpriv() at the end of
> > inode_change_ok() instead of from notify_change(). At that moment we are
> > sure user has permissions to do the requested change.
> > 
> > References: CVE-2015-1350
> > Signed-off-by: José Pekkarinen <jose.pekkarinen at canonical.com>
> 
> The body of the email doesn't follow our patch format for kernel SRU
> requests. Please re-submit the patch following the format as described at:
> 
> https://wiki.ubuntu.com/Kernel/Dev/StablePatchFormat

	I'll fix that for the following. Thanks!

	José.
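
Added example, not part of the original message or of the kernel patch: a simplified user-space C model of the ordering problem the quoted commit message describes, with the pre-fix call order beside the post-fix one. All struct and function names are hypothetical stand-ins for the kernel's notify_change(), inode_change_ok() and security_inode_killpriv(), and the permission check is reduced to the chown ownership rule.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified model; these are not kernel structures. */
struct inode_model { unsigned uid; bool has_caps; };
struct cred_model  { unsigned fsuid; bool cap_chown; };

/* Stand-in for the ownership check done in inode_change_ok(). */
static int change_ok(const struct inode_model *ino,
                     const struct cred_model *c, unsigned new_uid)
{
    if (c->cap_chown)
        return 0;
    if (c->fsuid == ino->uid && new_uid == ino->uid)
        return 0;
    return -EPERM;
}

/* Stand-in for security_inode_killpriv(): drops file capabilities. */
static void killpriv(struct inode_model *ino) { ino->has_caps = false; }

/* Pre-fix order: privileges are cleared before the permission check. */
static int chown_before_fix(struct inode_model *ino,
                            const struct cred_model *c, unsigned new_uid)
{
    killpriv(ino);
    int err = change_ok(ino, c, new_uid);
    if (err)
        return err;          /* request denied, capabilities already gone */
    ino->uid = new_uid;
    return 0;
}

/* Post-fix order: privileges are cleared only once the change is allowed. */
static int chown_after_fix(struct inode_model *ino,
                           const struct cred_model *c, unsigned new_uid)
{
    int err = change_ok(ino, c, new_uid);
    if (err)
        return err;          /* request denied, inode untouched */
    killpriv(ino);
    ino->uid = new_uid;
    return 0;
}

int main(void)
{
    struct inode_model a = { 0, true }, b = { 0, true };  /* constructed */
    struct cred_model user = { 1000, false };
    int ra = chown_before_fix(&a, &user, 1000);
    int rb = chown_after_fix(&b, &user, 1000);
    printf("before fix: ret=%d caps=%d\n", ra, a.has_caps);
    printf("after fix:  ret=%d caps=%d\n", rb, b.has_caps);
    return 0;
}
```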
