[PATCH] security/seclvl.c: fix time wrap (CVE-2005-4352)

initlvl=2 in seclvl gives the guarantee
"Cannot decrement the system time".

But it was possible to set the time to the maximum unixtime value
(19 Jan 2038) resulting in a wrap to the minimum value.

This patch fixes this by disallowing setting the time to any date
after 2030 with initlvl=2.

This patch does not apply to kernel 2.6.19 since the seclvl module was
already removed in this kernel.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>

diff --git a/security/seclvl.c b/security/seclvl.c
index c26dd7de04712482ad34144b033a9bce9fed2363..d5371b8dae01c8d5f4cbf64be3c9250919cf415c 100644 (file)
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -370,6 +370,8 @@ static int seclvl_settime(struct timespec *tv, struct timezone *tz)
                                      current->group_leader->pid);
                        return -EPERM;
                }               /* if attempt to decrement time */
+               if (tv->tv_sec > 1924988400)    /* disallow dates after 2030) */
+                       return -EPERM;          /* CVE-2005-4352 */
        }                       /* if seclvl > 1 */
        return 0;
 }