2.6.16.7

diff --git a/2.6.16.7/fix-madv_remove-vulnerability.patch b/2.6.16.7/fix-madv_remove-vulnerability.patch
new file mode 100644 (file)
index 0000000..036f538
--- /dev/null
+++ b/2.6.16.7/fix-madv_remove-vulnerability.patch
@@ -0,0 +1,28 @@
+From hugh_dickins@symantec.com Mon Apr 17 14:46:50 2006
+Date: Mon, 17 Apr 2006 22:46:32 +0100 (BST)
+From: Hugh Dickins <hugh@veritas.com>
+To: Greg KH <gregkh@suse.de>
+Cc: Chris Wright <chrisw@sous-sol.org>,
+       Andrew Morton <akpm@osdl.org>, Linus Torvalds <torvalds@osdl.org>,
+       Badari Pulavarty <pbadari@us.ibm.com>
+Subject: fix MADV_REMOVE vulnerability (CVE-2006-1524 for real this time)
+Message-ID: <Pine.LNX.4.64.0604172231590.17141@blonde.wat.veritas.com>
+
+madvise_remove needs to respect file and mmap protections.
+
+Signed-off-by: Hugh Dickins <hugh@veritas.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- 2.6.17-rc1/mm/madvise.c    2006-03-20 05:53:29.000000000 +0000
++++ linux/mm/madvise.c 2006-04-11 16:11:52.000000000 +0100
+@@ -168,6 +168,9 @@ static long madvise_remove(struct vm_are
+                       return -EINVAL;
+       }
+ 
++      if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
++              return -EACCES;
++
+       mapping = vma->vm_file->f_mapping;
+ 
+       offset = (loff_t)(start - vma->vm_start)
+