2.6.22.16 and 2.6.13.14 release v2.6.22.16 v2.6.23.14
authorGreg Kroah-Hartman <gregkh@suse.de>
Mon, 14 Jan 2008 21:32:42 +0000 (13:32 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 14 Jan 2008 21:32:42 +0000 (13:32 -0800)
releases/2.6.22.16/series [new file with mode: 0644]
releases/2.6.22.16/use-access-mode-instead-of-open-flags-to-determine-needed-permissions.patch [new file with mode: 0644]
releases/2.6.23.14/use-access-mode-instead-of-open-flags-to-determine-needed-permissions.patch [new file with mode: 0644]

diff --git a/releases/2.6.22.16/series b/releases/2.6.22.16/series
new file mode 100644 (file)
index 0000000..9d50f2e
--- /dev/null
@@ -0,0 +1 @@
+use-access-mode-instead-of-open-flags-to-determine-needed-permissions.patch
diff --git a/releases/2.6.22.16/use-access-mode-instead-of-open-flags-to-determine-needed-permissions.patch b/releases/2.6.22.16/use-access-mode-instead-of-open-flags-to-determine-needed-permissions.patch
new file mode 100644 (file)
index 0000000..b70ce3a
--- /dev/null
@@ -0,0 +1,55 @@
+From 974a9f0b47da74e28f68b9c8645c3786aa5ace1a Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@woody.linux-foundation.org>
+Date: Sat, 12 Jan 2008 14:06:34 -0800
+Subject: Use access mode instead of open flags to determine needed permissions (CVE-2008-0001)
+
+From: Linus Torvalds <torvalds@woody.linux-foundation.org>
+
+patch 974a9f0b47da74e28f68b9c8645c3786aa5ace1a in mainline
+
+Way back when (in commit 834f2a4a1554dc5b2598038b3fe8703defcbe467, aka
+"VFS: Allow the filesystem to return a full file pointer on open intent"
+to be exact), Trond changed the open logic to keep track of the original
+flags to a file open, in order to pass down the the intent of a dentry
+lookup to the low-level filesystem.
+
+However, when doing that reorganization, it changed the meaning of
+namei_flags, and thus inadvertently changed the test of access mode for
+directories (and RO filesystem) to use the wrong flag.  So fix those
+test back to use access mode ("acc_mode") rather than the open flag
+("flag").
+
+Issue noticed by Bill Roman at Datalight.
+
+Reported-and-tested-by: Bill Roman <bill.roman@datalight.com>
+Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/namei.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1543,7 +1543,7 @@ int may_open(struct nameidata *nd, int a
+       if (S_ISLNK(inode->i_mode))
+               return -ELOOP;
+       
+-      if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
++      if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
+               return -EISDIR;
+       error = vfs_permission(nd, acc_mode);
+@@ -1562,7 +1562,7 @@ int may_open(struct nameidata *nd, int a
+                       return -EACCES;
+               flag &= ~O_TRUNC;
+-      } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
++      } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
+               return -EROFS;
+       /*
+        * An append-only file must be opened in append mode for writing.
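Review bot: Nothing in the patched code records why the directory and read-only tests in may_open() must look at `acc_mode` rather than `flag`, and the commit message says the regression came from a reorganization that changed the meaning of the flags variable. A comment above the S_ISDIR test would guard against a repeat, e.g. `/* Permission tests use acc_mode (MAY_* bits); flag holds the open flags and is not a reliable indicator of write access here. */`. The append-only check introduced by the trailing comment lies outside the hunk, as do the start and end of may_open(), so it is worth confirming that no remaining write-access test there still reads `flag`. The identical patch queued under releases/2.6.23.14 has the same gap.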
diff --git a/releases/2.6.23.14/use-access-mode-instead-of-open-flags-to-determine-needed-permissions.patch b/releases/2.6.23.14/use-access-mode-instead-of-open-flags-to-determine-needed-permissions.patch
new file mode 100644 (file)
index 0000000..1e01731
--- /dev/null
@@ -0,0 +1,55 @@
+From 974a9f0b47da74e28f68b9c8645c3786aa5ace1a Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@woody.linux-foundation.org>
+Date: Sat, 12 Jan 2008 14:06:34 -0800
+Subject: Use access mode instead of open flags to determine needed permissions (CVE-2008-0001)
+
+From: Linus Torvalds <torvalds@woody.linux-foundation.org>
+
+patch 974a9f0b47da74e28f68b9c8645c3786aa5ace1a in mainline
+
+Way back when (in commit 834f2a4a1554dc5b2598038b3fe8703defcbe467, aka
+"VFS: Allow the filesystem to return a full file pointer on open intent"
+to be exact), Trond changed the open logic to keep track of the original
+flags to a file open, in order to pass down the the intent of a dentry
+lookup to the low-level filesystem.
+
+However, when doing that reorganization, it changed the meaning of
+namei_flags, and thus inadvertently changed the test of access mode for
+directories (and RO filesystem) to use the wrong flag.  So fix those
+test back to use access mode ("acc_mode") rather than the open flag
+("flag").
+
+Issue noticed by Bill Roman at Datalight.
+
+Reported-and-tested-by: Bill Roman <bill.roman@datalight.com>
+Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/namei.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -1576,7 +1576,7 @@ int may_open(struct nameidata *nd, int a
+       if (S_ISLNK(inode->i_mode))
+               return -ELOOP;
+       
+-      if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
++      if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
+               return -EISDIR;
+       error = vfs_permission(nd, acc_mode);
+@@ -1595,7 +1595,7 @@ int may_open(struct nameidata *nd, int a
+                       return -EACCES;
+               flag &= ~O_TRUNC;
+-      } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
++      } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
+               return -EROFS;
+       /*
+        * An append-only file must be opened in append mode for writing.
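Review bot: The 2.6.23.14 release directory receives this patch file but no `series` file, while releases/2.6.22.16 gets one naming the same patch; the commit's file list shows only three new files. If tooling or auditors rely on the series file to know which fixes a stable release carried, the 2.6.23.14 record of this CVE-2008-0001 fix is incomplete. Adding `releases/2.6.23.14/series` with the single line `use-access-mode-instead-of-open-flags-to-determine-needed-permissions.patch` would make the two directories consistent. The commit title also reads 2.6.13.14 where the tag and the directory say 2.6.23.14, which may hinder anyone searching the history for the fixed version.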