[Triumf-linux-managers] kernel vulnerability

Andrew Daviel advax at triumf.ca
Tue Aug 18 12:38:10 PDT 2009


If anyone cares, I think Linus just fixed it. One line in net/socket.c
-       return sock->ops->sendpage(sock, page, offset, size, flags);
+       return kernel_sendpage(sock, page, offset, size, flags);
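Review bot: the removed line in sock_sendpage() called sock->ops->sendpage with no check that the protocol provides one, and the replacement only closes that gap for callers that go through kernel_sendpage(). Suggest a comment at this call site saying that sendpage may be absent for some protocols and must not be called through sock->ops directly, plus a check for any other direct uses of ->sendpage before the same one-line change is carried to older kernels.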

h-online.com reports a patched kernel is out for Debian 4,5 and Fedora 
10,11.
RHEL is working on it, CentOS is waiting for them, SL ditto I presume.

I suspect the same patch could be applied to earlier kernels including 
2.4; the call looks the same.


http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

commit d245fc6aa1bdaba06603d251e431f3d6d110a00a
Author: Linus Torvalds <torvalds at linux-foundation.org>
Date:   Thu Aug 13 08:28:36 2009 -0700

     Make sock_sendpage() use kernel_sendpage()

     commit e694958388c50148389b0e9b9e9e8945cf0f1b98 upstream.

     kernel_sendpage() does the proper default case handling for when the
     socket doesn't have a native sendpage implementation.

     Now, arguably this might be something that we could instead solve by
     just specifying that all protocols should do it themselves at the
     protocol level, but we really only care about the common protocols.
     Does anybody really care about sendpage on something like Appletalk? Not
     likely.


-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager
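
The default-case handling the commit message describes, as a simplified userspace model added here (not kernel code and not part of the original post). The `_model` names, struct layouts and sample protocols are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Userspace model: names echo the commit message, types are simplified. */
struct sock_model;
struct proto_ops_model {
    long (*sendmsg)(struct sock_model *s, const void *buf, size_t len); /* mandatory */
    long (*sendpage)(struct sock_model *s, const void *page, size_t off, size_t len); /* optional, may be NULL */
};
struct sock_model { const struct proto_ops_model *ops; char out[64]; size_t used; };

static long generic_sendmsg(struct sock_model *s, const void *buf, size_t len)
{
    if (len > sizeof(s->out) - s->used)
        return -EMSGSIZE;
    memcpy(s->out + s->used, buf, len);
    s->used += len;
    return (long)len;
}

static long native_sendpage(struct sock_model *s, const void *page, size_t off, size_t len)
{
    return generic_sendmsg(s, (const char *)page + off, len);
}

/* The only place that reads ops->sendpage: callers never touch the pointer. */
long kernel_sendpage_model(struct sock_model *s, const void *page, size_t off, size_t len)
{
    if (!s || !s->ops || !s->ops->sendmsg)
        return -EINVAL;
    if (s->ops->sendpage)
        return s->ops->sendpage(s, page, off, len);
    /* Default case: no native sendpage, emulate it through sendmsg. */
    return s->ops->sendmsg(s, (const char *)page + off, len);
}

/* Constructed sample protocols, one with and one without a native sendpage. */
const struct proto_ops_model with_native = { generic_sendmsg, native_sendpage };
const struct proto_ops_model without_native = { generic_sendmsg, NULL };

/* Sends len bytes from offset 2 of a constructed page; returns the result. */
long demo_send(const struct proto_ops_model *ops, size_t len)
{
    static const char page[] = "..hello..";
    struct sock_model s = { ops, {0}, 0 };
    long n = kernel_sendpage_model(&s, page, 2, len);
    return (n == 5 && memcmp(s.out, "hello", 5) != 0) ? -1 : n;
}

int main(void) { return demo_send(&without_native, 5) == 5 ? 0 : 1; }
```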

