Re: mremap patches for 2.4 and 2.2?
From: Andrzej Krzysztofowicz
Date: Fri Feb 20 2004 - 05:14:23 EST
> On Thu, Feb 19, 2004 at 09:56:36AM -0800, you [Chris Wright] wrote:
> > * Nur Hussein (obiwan@xxxxxxxxxxxxxxxx) wrote:
> > > However, I am still intrigued by this fix:
> > >
> > > http://linux.bkbits.net:8080/linux-2.4/diffs/mm/mremap.c@xxx?nav=cset@1.1136.94.4
> > >
> > > It does not seem to be in 2.6.3. I can only assume 2.6.x does not
> > > require it? The Changeset says it is to prevent a potential exploit by
> > > the malicious use of mremap().
> >
> > It's fixed in 2.6 as well.
> >
> > http://linux.bkbits.net:8080/linux-2.5/diffs/mm/mremap.c@xxxx?nav=index.html|src/|src/mm|hist/mm/mremap.c
>
> Are these the sole patches one should apply for this vulnerability if
> patching an older 2.4 or 2.6?
>
> Is there a patch for 2.2 somewhere?
linux-2.2-mremap-munmap.patch
You can get it from cvs.pld-linux.org CVS or extract from:
ftp://ftp.pld-linux.org/dists/ra/updates/security/SRPMS/kernel-2.2.25-4.src.rpm
--
=======================================================================
Andrzej M. Krzysztofowicz ankry@xxxxxxxxxxxxx
phone (48)(58) 347 14 61
Faculty of Applied Phys. & Math., Gdansk University of Technology
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/