[0/5,SRU,B/master] squashfs hardening

Message ID 1550586209-14727-1-git-send-email-paolo.pisati@canonical.com

Message

Paolo Pisati Feb. 19, 2019, 2:23 p.m. UTC
"There are a number of squashfs hardening fixes. They don't have CVE number
assigned but it would be good to backport the fixes to harden our kernel against
malicious squashfs images. Snaps are simply squashfs images so an attacker could
craft a malicious snap and attack the kernel of end users that install their
crafted snaps."

All clean cherry-picks from upstream.

Linus Torvalds (4):
  squashfs: be more careful about metadata corruption
  squashfs: more metadata hardening
  squashfs metadata 2: electric boogaloo
  squashfs: more metadata hardening

Phillip Lougher (1):
  Squashfs: Compute expected length from inode size rather than block
    length

 fs/squashfs/block.c          |  2 ++
 fs/squashfs/cache.c          |  3 +++
 fs/squashfs/file.c           | 58 ++++++++++++++++++++++++++------------------
 fs/squashfs/file_cache.c     |  4 +--
 fs/squashfs/file_direct.c    | 24 +++++++++---------
 fs/squashfs/fragment.c       | 17 +++++++------
 fs/squashfs/squashfs.h       |  3 ++-
 fs/squashfs/squashfs_fs.h    |  6 +++++
 fs/squashfs/squashfs_fs_sb.h |  1 +
 fs/squashfs/super.c          |  5 ++--
 10 files changed, 75 insertions(+), 48 deletions(-)

Comments

Tyler Hicks Feb. 20, 2019, 1:28 p.m. UTC | #1
On 2019-02-19 15:23:24, Paolo Pisati wrote:
> "There are a number of squashfs hardening fixes. They don't have CVE number
> assigned but it would be good to backport the fixes to harden our kernel against
> malicious squashfs images. Snaps are simply squashfs images so an attacker could
> craft a malicious snap and attack the kernel of end users that install their
> crafted snaps."
> 
> All clean cherry-picks from upstream.

The code changes all look good to me. They're all clean cherry-picks and
I've given the actual changes a close review, as well.

The only problem I see is that, since there's no CVE ID associated,
we're missing an SRU bug. I've just created an SRU bug. All commit
messages need the following line added:

BugLink: https://bugs.launchpad.net/bugs/1816756

With that change,

Acked-by: Tyler Hicks <tyhicks@canonical.com>

Tyler

> 
> Linus Torvalds (4):
>   squashfs: be more careful about metadata corruption
>   squashfs: more metadata hardening
>   squashfs metadata 2: electric boogaloo
>   squashfs: more metadata hardening
> 
> Phillip Lougher (1):
>   Squashfs: Compute expected length from inode size rather than block
>     length
> 
>  fs/squashfs/block.c          |  2 ++
>  fs/squashfs/cache.c          |  3 +++
>  fs/squashfs/file.c           | 58 ++++++++++++++++++++++++++------------------
>  fs/squashfs/file_cache.c     |  4 +--
>  fs/squashfs/file_direct.c    | 24 +++++++++---------
>  fs/squashfs/fragment.c       | 17 +++++++------
>  fs/squashfs/squashfs.h       |  3 ++-
>  fs/squashfs/squashfs_fs.h    |  6 +++++
>  fs/squashfs/squashfs_fs_sb.h |  1 +
>  fs/squashfs/super.c          |  5 ++--
>  10 files changed, 75 insertions(+), 48 deletions(-)
> 
Thadeu Lima de Souza Cascardo Feb. 22, 2019, 9:43 a.m. UTC | #2
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

Good thing Tyler caught the missing CVE and already created a bug.

Thanks, Tyler.

Whoever commits this should add the buglink to the commits, as created by
Tyler.

Cascardo.
Khalid Elmously March 4, 2019, 2:28 a.m. UTC | #3
Applied patches 2-5. Patch #1 was dropped since it was already applied as part of the bionic upstream patchset in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1815234


On 2019-02-19 15:23:24, Paolo Pisati wrote:
> "There are a number of squashfs hardening fixes. They don't have CVE number
> assigned but it would be good to backport the fixes to harden our kernel against
> malicious squashfs images. Snaps are simply squashfs images so an attacker could
> craft a malicious snap and attack the kernel of end users that install their
> crafted snaps."
> 
> All clean cherry-picks from upstream.
> 
> Linus Torvalds (4):
>   squashfs: be more careful about metadata corruption
>   squashfs: more metadata hardening
>   squashfs metadata 2: electric boogaloo
>   squashfs: more metadata hardening
> 
> Phillip Lougher (1):
>   Squashfs: Compute expected length from inode size rather than block
>     length
> 
>  fs/squashfs/block.c          |  2 ++
>  fs/squashfs/cache.c          |  3 +++
>  fs/squashfs/file.c           | 58 ++++++++++++++++++++++++++------------------
>  fs/squashfs/file_cache.c     |  4 +--
>  fs/squashfs/file_direct.c    | 24 +++++++++---------
>  fs/squashfs/fragment.c       | 17 +++++++------
>  fs/squashfs/squashfs.h       |  3 ++-
>  fs/squashfs/squashfs_fs.h    |  6 +++++
>  fs/squashfs/squashfs_fs_sb.h |  1 +
>  fs/squashfs/super.c          |  5 ++--
>  10 files changed, 75 insertions(+), 48 deletions(-)
> 