[PATCH] security/seclvl.c: fix time wrap (CVE-2005-4352)

initlvl=2 in seclvl gives the guarantee "Cannot decrement the system time". But it was possible to set the time to the maximum unixtime value (19 Jan 2038) resulting in a wrap to the minimum value. This patch fixes this by disallowing setting the time to any date after 2030 with initlvl=2. This patch does not apply to kernel 2.6.19 since the seclvl module was already removed in this kernel. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
author: Adrian Bunk <bunk@stusta.de> 2006-11-15 17:01:46 +0100
committer: Chris Wright <chrisw@sous-sol.org> 2006-11-18 19:28:04 -0800
commit: c721af6db5992d16fbd93855666eafa616512e00 (patch)
tree: a8fd62151853df32d0ed03e4f46c269b75d6eef4
parent: 9a74fa0d377c3c1e633491b5500296174f4c41df (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/security/seclvl.c b/security/seclvl.c
index c26dd7de0471..d5371b8dae01 100644
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -370,6 +370,8 @@ static int seclvl_settime(struct timespec *tv, struct timezone *tz)
 				      current->group_leader->pid);
 			return -EPERM;
 		}		/* if attempt to decrement time */
+		if (tv->tv_sec > 1924988400)	/* disallow dates after 2030) */
+			return -EPERM;		/* CVE-2005-4352 */
 	}			/* if seclvl > 1 */
 	return 0;
 }
author	Adrian Bunk <bunk@stusta.de>	2006-11-15 17:01:46 +0100
committer	Chris Wright <chrisw@sous-sol.org>	2006-11-18 19:28:04 -0800
commit	c721af6db5992d16fbd93855666eafa616512e00 (patch)
tree	a8fd62151853df32d0ed03e4f46c269b75d6eef4
parent	9a74fa0d377c3c1e633491b5500296174f4c41df (diff)