lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061115160146.GD5824@stusta.de>
Date:	Wed, 15 Nov 2006 17:01:46 +0100
From:	Adrian Bunk <bunk@...sta.de>
To:	Chris Wright <chrisw@...s-sol.org>,
	Michael Halcrow <mhalcrow@...ibm.com>
Cc:	linux-kernel@...r.kernel.org, stable@...nel.org
Subject: [2.6.16/18 patch] security/seclvl.c: fix time wrap (CVE-2005-4352)

initlvl=2 in seclvl gives the guarantee
"Cannot decrement the system time".

But it was possible to set the time to the maximum unixtime value 
(19 Jan 2038) resulting in a wrap to the minimum value.

This patch fixes this by disallowing setting the time to any date
after 2031 with initlvl=2.

This patch does not apply to kernel 2.6.19 since the seclvl module was 
already removed in this kernel.

Signed-off-by: Adrian Bunk <bunk@...sta.de>

--- linux-2.6.16.32/security/seclvl.c.old	2006-11-15 13:58:05.000000000 +0100
+++ linux-2.6.16.32/security/seclvl.c	2006-11-15 16:41:51.000000000 +0100
@@ -381,6 +381,8 @@ static int seclvl_settime(struct timespe
 				      current->group_leader->pid);
 			return -EPERM;
 		}		/* if attempt to decrement time */
+		if (tv->tv_sec > 1924988400)	/* disallow dates after 2030) */
+			return -EPERM;		/* CVE-2005-4352 */
 	}			/* if seclvl > 1 */
 	return 0;
 }
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ