08e1901e CW |
1 | From bunk@stusta.de Wed Nov 15 08:05:24 2006 |
2 | Date: Wed, 15 Nov 2006 17:01:46 +0100 | |
3 | From: Adrian Bunk <bunk@stusta.de> | |
4 | To: Chris Wright <chrisw@sous-sol.org>, Michael Halcrow <mhalcrow@us.ibm.com> | |
5 | Cc: stable@kernel.org | |
6 | Subject: security/seclvl.c: fix time wrap (CVE-2005-4352) | |
7 | Message-ID: <20061115160146.GD5824@stusta.de> | |
8 | ||
9 | initlvl=2 in seclvl gives the guarantee | |
10 | "Cannot decrement the system time". | |
11 | ||
12 | But it was possible to set the time to the maximum unixtime value | |
13 | (19 Jan 2038) resulting in a wrap to the minimum value. | |
14 | ||
15 | This patch fixes this by disallowing setting the time to any date | |
544c8763 | 16 | after 2030 with initlvl=2. |
08e1901e CW |
17 | |
18 | This patch does not apply to kernel 2.6.19 since the seclvl module was | |
19 | already removed in this kernel. | |
20 | ||
21 | Signed-off-by: Adrian Bunk <bunk@stusta.de> | |
22 | Signed-off-by: Chris Wright <chrisw@sous-sol.org> | |
23 | ||
24 | --- | |
25 | security/seclvl.c | 2 ++ | |
26 | 1 file changed, 2 insertions(+) | |
27 | ||
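--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -370,6 +370,8 @@ static int seclvl_settime(struct timespe
 current->group_leader->pid);
 return -EPERM;
 } /* if attempt to decrement time */
+ if (tv->tv_sec > 1924988400) /* disallow dates after 2030) */
+ return -EPERM; /* CVE-2005-4352 */
 } /* if seclvl > 1 */
 return 0;
 }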
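Review bot: The added `tv->tv_sec > 1924988400` branch returns -EPERM without recording anything, while the decrement branch just above ends what appears to be a log call that reports the caller's pid (that call starts outside the hunk, as does seclvl_settime itself). A refused attempt to push the clock toward the 2038 wrap is exactly the event an administrator would want in the audit trail, so the new branch should emit the same kind of warning before returning. The bare constant would also be easier to review as a named macro, for example `#define SECLVL_MAX_SETTIME_SEC 1924988400 /* 2030-12-31 23:00:00 UTC; margin before the 32-bit time_t wrap */`. By my arithmetic the value falls one hour before 2031-01-01 UTC, which suggests it was computed in a UTC+1 zone and is worth stating in the comment. The inline comment `/* disallow dates after 2030) */` carries a stray `)`.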