It fixes:
- the /dev/root bug. (now /proc/mounts uses /dev/root instead of rootfs)
- the /proc/cpuinfo BogoMips bug. Currently fixed only for the i386 architecture.
- the /dev/full bug
- and the mkdir(dirname,01777) security bug. (Sticky bit was stripped so
anyuser could e.g. remove files) Currently fixed only for the ext2 fs.
still unfixed:
- the security bug in linux/drivers/char/console.c:
static void reset_terminal(int currcons, int do_clear)
the scroll buffer is not reseted.
Problem: A new user can spy the previous console user.
- The ext2fs's secure delete flag is currently not used !
Linus, it would be very kind of you if you (or others) could reimplement this
security feature.
Quote from linux/fs/ext2/truncate.c:
/*
* Secure deletion currently doesn't work. It interacts very badly
* with buffers shared with memory mappings, and for that reason
* can't be done in the truncate() routines. It should instead be
* done separately in "release()" before calling the truncate routines
* that will release the actual file blocks.
*
* Linus
*/
- The TCP SYN attack stops Version 2.0.20 even if no programs are listening to any port.
Is there any interest for large loopback patches/fixes ?
Bye,
Wolfram
diff -u --recursive --new-file v2.0.20/linux/arch/i386/kernel/setup.c linux/arch/i386/kernel/setup.c
--- v2.0.20/linux/arch/i386/kernel/setup.c Wed May 8 06:42:33 1996
+++ linux/arch/i386/kernel/setup.c Wed Sep 11 12:00:00 1996
@@ -327,8 +327,8 @@
}
len += sprintf(buffer+len,
"\nbogomips\t: %lu.%02lu\n",
- CD(loops_per_sec)/500000,
- (CD(loops_per_sec)/5000) % 100);
+ CD(loops_per_sec+2500)/500000,
+ (CD(loops_per_sec+2500)/5000) % 100);
#ifdef __SMP__
}
}
diff -u --recursive --new-file v2.0.20/linux/drivers/char/mem.c linux/drivers/char/mem.c
--- v2.0.20/linux/drivers/char/mem.c Tue Sep 10 14:42:53 1996
+++ linux/drivers/char/mem.c Tue Sep 10 14:43:27 1996
@@ -196,6 +196,7 @@
static int read_full(struct inode * node, struct file * file, char * buf,int count)
{
+ file->f_pos += count;
return count;
}
diff -u --recursive --new-file v2.0.20/linux/fs/ext2/namei.c linux/fs/ext2/namei.c
--- v2.0.20/linux/fs/ext2/namei.c Wed Jul 10 12:11:15 1996
+++ linux/fs/ext2/namei.c Tue Sep 10 16:33:57 1996
@@ -519,7 +519,7 @@
inode->i_nlink = 2;
mark_buffer_dirty(dir_block, 1);
brelse (dir_block);
- inode->i_mode = S_IFDIR | (mode & S_IRWXUGO & ~current->fs->umask);
+ inode->i_mode = S_IFDIR | (mode & (S_IRWXUGO|S_ISVTX) & ~current->fs->umask);
if (dir->i_mode & S_ISGID)
inode->i_mode |= S_ISGID;
inode->i_dirt = 1;
diff -u --recursive --new-file v2.0.20/linux/fs/namei.c linux/fs/namei.c
--- v2.0.20/linux/fs/namei.c Wed Sep 4 11:26:19 1996
+++ linux/fs/namei.c Tue Sep 10 16:34:07 1996
@@ -585,7 +585,7 @@
if (dir->i_sb && dir->i_sb->dq_op)
dir->i_sb->dq_op->initialize(dir, -1);
down(&dir->i_sem);
- error = dir->i_op->mkdir(dir, basename, namelen, mode & 0777 & ~current->fs->umask);
+ error = dir->i_op->mkdir(dir, basename, namelen, mode & 01777 & ~current->fs->umask);
up(&dir->i_sem);
iput(dir);
return error;
diff -u --recursive --new-file v2.0.20/linux/fs/super.c linux/fs/super.c
--- v2.0.20/linux/fs/super.c Wed Sep 4 11:26:20 1996
+++ linux/fs/super.c Tue Sep 10 14:42:05 1996
@@ -948,7 +948,7 @@
current->fs->root = inode;
ROOT_DEV = sb->s_dev;
printk (KERN_NOTICE "VFS: Mounted root (nfs filesystem).\n");
- vfsmnt = add_vfsmnt(ROOT_DEV, "rootfs", "/");
+ vfsmnt = add_vfsmnt(ROOT_DEV, "/dev/root", "/");
if (!vfsmnt)
panic("VFS: add_vfsmnt failed for NFS root.\n");
vfsmnt->mnt_sb = sb;
@@ -1010,7 +1010,7 @@
printk ("VFS: Mounted root (%s filesystem)%s.\n",
fs_type->name,
(sb->s_flags & MS_RDONLY) ? " readonly" : "");
- vfsmnt = add_vfsmnt(ROOT_DEV, "rootfs", "/");
+ vfsmnt = add_vfsmnt(ROOT_DEV, "/dev/root", "/");
if (!vfsmnt)
panic("VFS: add_vfsmnt failed for root fs");
vfsmnt->mnt_sb = sb;
@@ -1075,7 +1075,7 @@
}
iput(old_root); /* sb->s_covered */
remove_vfsmnt(old_root_dev);
- vfsmnt = add_vfsmnt(old_root_dev,"old_rootfs",put_old);
+ vfsmnt = add_vfsmnt(old_root_dev,"/dev/root.old",put_old);
if (!vfsmnt) printk(KERN_CRIT "Trouble: add_vfsmnt failed\n");
else {
vfsmnt->mnt_sb = old_root->i_sb;