From: Tim Gardner
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 0/1] [SRU] [xenial/linux] CVE-2015-1350
Date: Wed, 17 Mar 2021 11:16:23 -0600
Message-Id: <20210317171627.888-1-tim.gardner@canonical.com>
X-Patchwork-Id: 1454880

[Impact]
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

From the Ubuntu security team:
Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service.

The fix commit 030b533c4fd4d2ec3402363323de4bb2983c9cee "fs: Avoid premature clearing of capabilities" required 3 scaffold patches. I used the stable updates from linux-4.1.y as a guide.

[Test Plan]
I've run passes with iozone and bonnie++

[Where problems could occur]
Released in linux-3.16.y linux-3.2.y linux-4.1.y

Acked-by: Krzysztof Kozlowski
Acked-by: Stefan Bader