Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-02-15 10:26:12 +0100
committerJiri Slaby <jslaby@suse.cz>2019-02-15 10:26:12 +0100
commit4c06520b7c1e9ac2f5d9f4bf0d78cb5cbfb998e3 (patch)
treec3ed6ed2e7b17ca91136ca125b00864eb1ce8116
parent54de81db6013cdc698ba88139e2976f61a917ca0 (diff)
- Revert "exec: load_script: don't blindly truncate shebang
string" (bnc#1012628). - Linux 4.20.10 (bnc#1012628). - Delete patches.suse/Revert-exec-load_script-don-t-blindly-truncate-sheba.patch.
-rw-r--r--patches.kernel.org/4.20.10-001-Revert-exec-load_script-don-t-blindly-truncat.patch51
-rw-r--r--patches.kernel.org/4.20.10-002-Linux-4.20.10.patch28
-rw-r--r--patches.suse/Revert-exec-load_script-don-t-blindly-truncate-sheba.patch36
-rw-r--r--series.conf3
4 files changed, 81 insertions, 37 deletions
diff --git a/patches.kernel.org/4.20.10-001-Revert-exec-load_script-don-t-blindly-truncat.patch b/patches.kernel.org/4.20.10-001-Revert-exec-load_script-don-t-blindly-truncat.patch
new file mode 100644
index 0000000000..24df037596
--- /dev/null
+++ b/patches.kernel.org/4.20.10-001-Revert-exec-load_script-don-t-blindly-truncat.patch
@@ -0,0 +1,51 @@
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Thu, 14 Feb 2019 15:02:18 -0800
+Subject: [PATCH] Revert "exec: load_script: don't blindly truncate shebang
+ string"
+References: bnc#1012628
+Patch-mainline: 4.20.10
+Git-commit: cb5b020a8d38f77209d0472a0fea755299a8ec78
+
+commit cb5b020a8d38f77209d0472a0fea755299a8ec78 upstream.
+
+This reverts commit 8099b047ecc431518b9bb6bdbba3549bbecdc343.
+
+It turns out that people do actually depend on the shebang string being
+truncated, and on the fact that an interpreter (like perl) will often
+just re-interpret it entirely to get the full argument list.
+
+Reported-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
+Acked-by: Kees Cook <keescook@chromium.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ fs/binfmt_script.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c
+index d0078cbb718b..7cde3f46ad26 100644
+--- a/fs/binfmt_script.c
++++ b/fs/binfmt_script.c
+@@ -42,14 +42,10 @@ static int load_script(struct linux_binprm *bprm)
+ fput(bprm->file);
+ bprm->file = NULL;
+
+- for (cp = bprm->buf+2;; cp++) {
+- if (cp >= bprm->buf + BINPRM_BUF_SIZE)
+- return -ENOEXEC;
+- if (!*cp || (*cp == '\n'))
+- break;
+- }
++ bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
++ if ((cp = strchr(bprm->buf, '\n')) == NULL)
++ cp = bprm->buf+BINPRM_BUF_SIZE-1;
+ *cp = '\0';
+-
+ while (cp > bprm->buf) {
+ cp--;
+ if ((*cp == ' ') || (*cp == '\t'))
+--
+2.20.1
+
diff --git a/patches.kernel.org/4.20.10-002-Linux-4.20.10.patch b/patches.kernel.org/4.20.10-002-Linux-4.20.10.patch
new file mode 100644
index 0000000000..deccc039f8
--- /dev/null
+++ b/patches.kernel.org/4.20.10-002-Linux-4.20.10.patch
@@ -0,0 +1,28 @@
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Fri, 15 Feb 2019 09:10:58 +0100
+Subject: [PATCH] Linux 4.20.10
+References: bnc#1012628
+Patch-mainline: 4.20.10
+Git-commit: 7f600870eca5a3b1ad58afe78098613d35b6466e
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index c9b831f5e873..6f7a8172de44 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,7 +1,7 @@
+ # SPDX-License-Identifier: GPL-2.0
+ VERSION = 4
+ PATCHLEVEL = 20
+-SUBLEVEL = 9
++SUBLEVEL = 10
+ EXTRAVERSION =
+ NAME = Shy Crocodile
+
+--
+2.20.1
+
diff --git a/patches.suse/Revert-exec-load_script-don-t-blindly-truncate-sheba.patch b/patches.suse/Revert-exec-load_script-don-t-blindly-truncate-sheba.patch
deleted file mode 100644
index d45dcb4957..0000000000
--- a/patches.suse/Revert-exec-load_script-don-t-blindly-truncate-sheba.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Jiri Slaby <jslaby@suse.cz>
-Date: Fri, 15 Feb 2019 08:05:58 +0100
-Subject: Revert "exec: load_script: don't blindly truncate shebang string"
-Patch-mainline: not yet, under discussion
-References: shebang regression
-
-This reverts commit c3b081f9e2e3377af8c28336e23efab606268eb3, upstream
-commit 8099b047ecc431518b9bb6bdbba3549bbecdc343. It changes the
-behaviour in userspace with respect to shebang handling. Revert until
-fixed.
-
-Signed-off-by: Jiri Slaby <jslaby@suse.cz>
----
- fs/binfmt_script.c | 10 +++-------
- 1 file changed, 3 insertions(+), 7 deletions(-)
-
---- a/fs/binfmt_script.c
-+++ b/fs/binfmt_script.c
-@@ -42,14 +42,10 @@ static int load_script(struct linux_binp
- fput(bprm->file);
- bprm->file = NULL;
-
-- for (cp = bprm->buf+2;; cp++) {
-- if (cp >= bprm->buf + BINPRM_BUF_SIZE)
-- return -ENOEXEC;
-- if (!*cp || (*cp == '\n'))
-- break;
-- }
-+ bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
-+ if ((cp = strchr(bprm->buf, '\n')) == NULL)
-+ cp = bprm->buf+BINPRM_BUF_SIZE-1;
- *cp = '\0';
--
- while (cp > bprm->buf) {
- cp--;
- if ((*cp == ' ') || (*cp == '\t'))
diff --git a/series.conf b/series.conf
index b2b7f492d1..72b84c01f3 100644
--- a/series.conf
+++ b/series.conf
@@ -1134,6 +1134,8 @@
patches.kernel.org/4.20.9-049-batman-adv-Avoid-WARN-on-net_device-without-pa.patch
patches.kernel.org/4.20.9-050-batman-adv-Force-mac-header-to-start-of-data-o.patch
patches.kernel.org/4.20.9-051-Linux-4.20.9.patch
+ patches.kernel.org/4.20.10-001-Revert-exec-load_script-don-t-blindly-truncat.patch
+ patches.kernel.org/4.20.10-002-Linux-4.20.10.patch
########################################################
# Build fixes that apply to the vanilla kernel too.
@@ -1185,7 +1187,6 @@
########################################################
# Scheduler / Core
########################################################
- patches.suse/Revert-exec-load_script-don-t-blindly-truncate-sheba.patch
patches.suse/setuid-dumpable-wrongdir
patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch