Bug 190082

Summary: [PATCH] shm mprotect (CVE-2006-1524)
Product: [Retired] Fedora Legacy
Reporter: James Kosin <jkosin>
Component: kernel
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED DUPLICATE
Severity: high
Priority: medium    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=0dba0f6b382bf360a1974fd78538273478dfc784
Doc Type: Bug Fix
Last Closed: 2006-07-24 22:22:22 UTC
Attachments:
patch file for CVE-2006-1524 (flags: none)

Description James Kosin 2006-04-27 12:39:55 UTC
commit 0dba0f6b382bf360a1974fd78538273478dfc784
tree 99fca29bf28dcd04c93b43b7575aaa00f5794288
parent 3c1e09e173e5fec7535a3795c4bc7870c8026ff3
author Hugh Dickins <hugh> Tue, 25 Apr 2006 20:05:59 +0100
committer Marcelo Tosatti <marcelo> Thu, 27 Apr 2006 02:48:15 -0300

[PATCH] fix shm mprotect (CVE-2006-1524)

shmat stop mprotect from giving write permission to a readonly attachment.

Signed-off-by: Hugh Dickins <hugh>

 ipc/shm.c |    2 ++
 1 files changed, 2 insertions(+)

diff --git a/ipc/shm.c b/ipc/shm.c
index 1df0577..36cb09a 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -161,6 +161,8 @@ static int shm_mmap(struct file * file, 
 {
 	UPDATE_ATIME(file->f_dentry->d_inode);
 	vma->vm_ops = &shm_vm_ops;
+	if (!(vma->vm_flags & VM_WRITE))
+		vma->vm_flags &= ~VM_MAYWRITE;
 	shm_inc(file->f_dentry->d_inode->i_ino);
 	return 0;
 }
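
Review bot: the two added lines in shm_mmap() carry no comment saying why VM_MAYWRITE is cleared, and the commit message states only the effect. A one-line comment above the `if`, noting that a mapping attached without VM_WRITE must not be upgradable to writable later through mprotect, would keep the intent visible to anyone who next touches this function. It is also worth confirming that keying on `vma->vm_flags & VM_WRITE` is the intended condition: as written, every mapping that reaches shm_mmap() without VM_WRITE loses VM_MAYWRITE, which is right only if a writable attachment always arrives here with VM_WRITE already set.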

Comment 1 James Kosin 2006-04-27 12:42:29 UTC
Created attachment 128305
patch file for CVE-2006-1524

I've included the patch from upstream.
--James

Comment 2 Marc Deslauriers 2006-07-24 22:22:22 UTC

*** This bug has been marked as a duplicate of 200034 ***