Ack: [CVE-2015-3339][PATCH 0/1] Linux: chown() was racy relative to execve()
Seth Forshee
seth.forshee at canonical.com
Mon Apr 27 13:44:25 UTC 2015
On Mon, Apr 27, 2015 at 12:12:03PM +0100, Luis Henriques wrote:
> Following this email I am sending the backports of CVE-2015-3339 fix
> for Precise, Trusty, Utopic and Vivid (for Vivid the fix is actually
> a clean cherry-pick).
>
> Probably the most relevant thing about these backports is the
> substitution of READ_ONCE by ACCESS_ONCE. A different approach has
> been followed by Debian to their jessie kernel: they seem to have
> included commit 230fa253df63 ("kernel: Provide READ_ONCE and
> ASSIGN_ONCE") plus a bunch of other commits replacing the usage of
> ACCESS_ONCE with READ_ONCE.
>
> Anyway, I've tested all these backports using the PoC available for
> this CVE [1] and they seem to be OK.
>
> [1] http://seclists.org/oss-sec/2015/q2/216
The backports look correct to me. Ack for all 4.
More information about the kernel-team
mailing list