[2.6.16/18 patch] security/seclvl.c: fix time wrap (CVE-2005-4352)

From: Adrian Bunk
Date: Wed Nov 15 2006 - 11:02:06 EST

Next message: David Howells: "Re: [PATCH 05/19] NFS: Use local caching"
Previous message: Kevin Corry: "[PATCH] Oprofile-for-Cell prereqs: New routines for managing PMU interrupts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

initlvl=2 in seclvl gives the guarantee
"Cannot decrement the system time".

But it was possible to set the time to the maximum unixtime value
(19 Jan 2038) resulting in a wrap to the minimum value.

This patch fixes this by disallowing setting the time to any date
after 2031 with initlvl=2.

This patch does not apply to kernel 2.6.19 since the seclvl module was
already removed in this kernel.

Signed-off-by: Adrian Bunk <bunk@xxxxxxxxx>

--- linux-2.6.16.32/security/seclvl.c.old 2006-11-15 13:58:05.000000000 +0100
+++ linux-2.6.16.32/security/seclvl.c 2006-11-15 16:41:51.000000000 +0100
@@ -381,6 +381,8 @@ static int seclvl_settime(struct timespe
current->group_leader->pid);
return -EPERM;
} /* if attempt to decrement time */
+ if (tv->tv_sec > 1924988400) /* disallow dates after 2030) */
+ return -EPERM; /* CVE-2005-4352 */
} /* if seclvl > 1 */
return 0;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Howells: "Re: [PATCH 05/19] NFS: Use local caching"
Previous message: Kevin Corry: "[PATCH] Oprofile-for-Cell prereqs: New routines for managing PMU interrupts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]