* bugfix/all/vserver/net-mount-fix.patch
Fix mounting of network filesystems with VX_BINARY_MOUNT caps (closes: #418076) svn path=/dists/etch/linux-2.6/; revision=8424
This commit is contained in:
parent
ce3f97eb16
commit
0ccae21b22
|
@ -17,8 +17,11 @@ linux-2.6 (2.6.18.dfsg.1-13) UNRELEASED; urgency=low
|
|||
[SECURITY] Fix a vulnerability that allows local users to read
|
||||
otherwise unreadable (but executable) files by triggering a core dump.
|
||||
See CVE-2007-0958
|
||||
* bugfix/all/vserver/net-mount-fix.patch
|
||||
Fix mounting of network filesystems with VX_BINARY_MOUNT caps
|
||||
(closes: #418076)
|
||||
|
||||
-- dann frazier <dannf@debian.org> Wed, 04 Apr 2007 01:38:23 -0600
|
||||
-- dann frazier <dannf@debian.org> Fri, 06 Apr 2007 13:16:08 -0600
|
||||
|
||||
linux-2.6 (2.6.18.dfsg.1-12) unstable; urgency=low
|
||||
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
diff -NurpP --minimal linux-2.6.18.5-vs2.0.2.2-rc9/fs/super.c linux-2.6.18.5-vs2.0.3-rc1/fs/super.c
|
||||
--- linux-2.6.18.5-vs2.0.2.2-rc9/fs/super.c 2006-09-20 17:59:47 +0200
|
||||
+++ linux-2.6.18.5-vs2.0.3-rc1/fs/super.c 2006-12-13 23:06:16 +0100
|
||||
@@ -848,7 +848,7 @@ vfs_kern_mount(struct file_system_type *
|
||||
|
||||
sb = mnt->mnt_sb;
|
||||
error = -EPERM;
|
||||
- if (!capable(CAP_SYS_ADMIN) && !sb->s_bdev &&
|
||||
+ if (!vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT) && !sb->s_bdev &&
|
||||
(sb->s_magic != PROC_SUPER_MAGIC) &&
|
||||
(sb->s_magic != DEVPTS_SUPER_MAGIC))
|
||||
goto out_sb;
|
|
@ -1,2 +1,3 @@
|
|||
+ bugfix/all/vserver/cacct-overflow.patch *_vserver *_xen-vserver
|
||||
+ bugfix/all/vserver/locks.patch *_vserver *_xen-vserver
|
||||
+ bugfix/all/vserver/net-mount-fix.patch *_vserver *_xen-vserver
|
||||
|
|
Loading…
Reference in New Issue