diff options
author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2014-02-03 10:16:12 -0500 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2014-02-03 10:16:57 -0500 |
commit | 48743b9f71413e1ef683a32de40d9feb1504280c (patch) | |
tree | b4e4bc490ce81102c4b53a266c056bd11428b104 | |
parent | c5b8e6212db5251a5df6c05dc4c96defa29c76cc (diff) | |
download | longterm-queue-2.6.34-48743b9f71413e1ef683a32de40d9feb1504280c.tar.gz |
drop signal patch ; breaks mips
Has other dependencies....
CC kernel/signal.o
kernel/signal.c: In function 'flush_signal_handlers':
kernel/signal.c:364:9: error: 'struct sigaction' has no member named 'sa_restorer'
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/series | 1 | ||||
-rw-r--r-- | queue/signal-always-clear-sa_restorer-on-execve.patch | 71 |
2 files changed, 0 insertions, 72 deletions
diff --git a/queue/series b/queue/series index ddeb112..6476ab2 100644 --- a/queue/series +++ b/queue/series @@ -84,7 +84,6 @@ tick-Cleanup-NOHZ-per-cpu-data-on-cpu-down.patch gen_init_cpio-avoid-stack-overflow-when-expanding.patch exec-do-not-leave-bprm-interp-on-stack.patch exec-use-ELOOP-for-max-recursion-depth.patch -signal-always-clear-sa_restorer-on-execve.patch ptrace-ptrace_resume-shouldn-t-wake-up-TASK_TRACED-t.patch kernel-signal.c-stop-info-leak-via-the-tkill-and-the.patch wake_up_process-should-be-never-used-to-wakeup-a-TAS.patch diff --git a/queue/signal-always-clear-sa_restorer-on-execve.patch b/queue/signal-always-clear-sa_restorer-on-execve.patch deleted file mode 100644 index 69ca68a..0000000 --- a/queue/signal-always-clear-sa_restorer-on-execve.patch +++ /dev/null @@ -1,71 +0,0 @@ -From f9e3cf68e12d2fb197c4bd7decd050573de889d3 Mon Sep 17 00:00:00 2001 -From: Kees Cook <keescook@chromium.org> -Date: Wed, 13 Mar 2013 14:59:33 -0700 -Subject: [PATCH] signal: always clear sa_restorer on execve - -commit 2ca39528c01a933f6689cd6505ce65bd6d68a530 upstream. - -When the new signal handlers are set up, the location of sa_restorer is -not cleared, leaking a parent process's address space location to -children. This allows for a potential bypass of the parent's ASLR by -examining the sa_restorer value returned when calling sigaction(). - -Based on what should be considered "secret" about addresses, it only -matters across the exec not the fork (since the VMAs haven't changed -until the exec). But since exec sets SIG_DFL and keeps sa_restorer, -this is where it should be fixed. - -Given the few uses of sa_restorer, a "set" function was not written -since this would be the only use. Instead, we use -__ARCH_HAS_SA_RESTORER, as already done in other places. - -Example of the leak before applying this patch: - - $ cat /proc/$$/maps - ... - 7fb9f3083000-7fb9f3238000 r-xp 00000000 fd:01 404469 .../libc-2.15.so - ... - $ ./leak - ... - 7f278bc74000-7f278be29000 r-xp 00000000 fd:01 404469 .../libc-2.15.so - ... - 1 0 (nil) 0x7fb9f30b94a0 - 2 4000000 (nil) 0x7f278bcaa4a0 - 3 4000000 (nil) 0x7f278bcaa4a0 - 4 0 (nil) 0x7fb9f30b94a0 - ... - -[akpm@linux-foundation.org: use SA_RESTORER for backportability] -Signed-off-by: Kees Cook <keescook@chromium.org> -Reported-by: Emese Revfy <re.emese@gmail.com> -Cc: Emese Revfy <re.emese@gmail.com> -Cc: PaX Team <pageexec@freemail.hu> -Cc: Al Viro <viro@zeniv.linux.org.uk> -Cc: Oleg Nesterov <oleg@redhat.com> -Cc: "Eric W. Biederman" <ebiederm@xmission.com> -Cc: Serge Hallyn <serge.hallyn@canonical.com> -Cc: Julien Tinnes <jln@google.com> -Signed-off-by: Andrew Morton <akpm@linux-foundation.org> -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> ---- - kernel/signal.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/kernel/signal.c b/kernel/signal.c -index 137a3333b444..4f34db1bb58c 100644 ---- a/kernel/signal.c -+++ b/kernel/signal.c -@@ -360,6 +360,9 @@ flush_signal_handlers(struct task_struct *t, int force_default) - if (force_default || ka->sa.sa_handler != SIG_IGN) - ka->sa.sa_handler = SIG_DFL; - ka->sa.sa_flags = 0; -+#ifdef SA_RESTORER -+ ka->sa.sa_restorer = NULL; -+#endif - sigemptyset(&ka->sa.sa_mask); - ka++; - } --- -1.8.5.2 - |