packages (LINUX_2_6_38): kernel/kernel-small_fixes.patch, kernel/kernel.spe...

arekm arekm at pld-linux.org
Wed Jun 1 23:40:10 CEST 2011


Author: arekm                        Date: Wed Jun  1 21:40:10 2011 GMT
Module: packages                      Tag: LINUX_2_6_38
---- Log message:
- apparmor oops fix

---- Files affected:
packages/kernel:
   kernel-small_fixes.patch (1.25 -> 1.25.2.1) , kernel.spec (1.924.2.1 -> 1.924.2.2) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-small_fixes.patch
diff -u packages/kernel/kernel-small_fixes.patch:1.25 packages/kernel/kernel-small_fixes.patch:1.25.2.1
--- packages/kernel/kernel-small_fixes.patch:1.25	Thu May 19 10:24:00 2011
+++ packages/kernel/kernel-small_fixes.patch	Wed Jun  1 23:40:04 2011
@@ -153,4 +153,36 @@
 --
 To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
 the body of a message to majordomo at vger.kernel.org
-More majordomo info at  http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
+More majordomo info at  http://vger.kernel.org/majordomo-info.htmlcommit a5b2c5b2ad5853591a6cac6134cd0f599a720865
+Author: Kees Cook <kees.cook at canonical.com>
+Date:   Tue May 31 11:31:41 2011 -0700
+
+    AppArmor: fix oops in apparmor_setprocattr
+    
+    When invalid parameters are passed to apparmor_setprocattr a NULL deref
+    oops occurs when it tries to record an audit message. This is because
+    it is passing NULL for the profile parameter for aa_audit. But aa_audit
+    now requires that the profile passed is not NULL.
+    
+    Fix this by passing the current profile on the task that is trying to
+    setprocattr.
+    
+    Signed-off-by: Kees Cook <kees at ubuntu.com>
+    Signed-off-by: John Johansen <john.johansen at canonical.com>
+    Cc: stable at kernel.org
+    Signed-off-by: James Morris <jmorris at namei.org>
+
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index ae3a698..ec1bcec 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -593,7 +593,8 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
+ 			sa.aad.op = OP_SETPROCATTR;
+ 			sa.aad.info = name;
+ 			sa.aad.error = -EINVAL;
+-			return aa_audit(AUDIT_APPARMOR_DENIED, NULL, GFP_KERNEL,
++			return aa_audit(AUDIT_APPARMOR_DENIED,
++					__aa_current_profile(), GFP_KERNEL,
+ 					&sa, NULL);
+ 		}
+ 	} else if (strcmp(name, "exec") == 0) {

================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.924.2.1 packages/kernel/kernel.spec:1.924.2.2
--- packages/kernel/kernel.spec:1.924.2.1	Sun May 22 08:18:41 2011
+++ packages/kernel/kernel.spec	Wed Jun  1 23:40:04 2011
@@ -329,7 +329,7 @@
 AutoReqProv:	no
 # for hostname command
 BuildRequires:	module-init-tools >= 3.5
-BuildRequires:	net-tools
+BuildRequires:	hostname
 BuildRequires:	perl-base
 BuildRequires:	rpm-build >= 4.5-24
 BuildRequires:	rpmbuild(macros) >= 1.217
@@ -1552,6 +1552,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.924.2.2  2011/06/01 21:40:04  arekm
+- apparmor oops fix
+
 Revision 1.924.2.1  2011/05/22 06:18:41  arekm
 - partial 2.6.38.7 update (tuxonice updated to 3.2 final; vserver patch fixed; no new grsec)
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.25&r2=1.25.2.1&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.924.2.1&r2=1.924.2.2&f=u



More information about the pld-cvs-commit mailing list