)]}' { "log": [ { "commit": "30736a4d43f4af7f1a7836d6a266be17082195c4", "tree": "54e388cdaf4795bdb7651be03c50bba67eb0b43a", "parents": [ "8d9032bbe4671dc481261ccd4e161cd96e54b118" ], "author": { "name": "Masami Hiramatsu", "email": "mhiramat@redhat.com", "time": "Fri Mar 05 13:44:12 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Mar 06 11:26:46 2010 -0800" }, "message": "coredump: pass mm-\u003eflags as a coredump parameter for consistency\n\nPass mm-\u003eflags as a coredump parameter for consistency.\n\n ---\n1787 if (mm-\u003ecore_state || !get_dumpable(mm)) { \u003c- (1)\n1788 up_write(\u0026mm-\u003emmap_sem);\n1789 put_cred(cred);\n1790 goto fail;\n1791 }\n1792\n[...]\n1798 if (get_dumpable(mm) \u003d\u003d 2) { /* Setuid core dump mode */ \u003c-(2)\n1799 flag \u003d O_EXCL; /* Stop rewrite attacks */\n1800 cred-\u003efsuid \u003d 0; /* Dump root private */\n1801 }\n ---\n\nSince dumpable bits are not protected by lock, there is a chance to change\nthese bits between (1) and (2).\n\nTo solve this issue, this patch copies mm-\u003eflags to\ncoredump_params.mm_flags at the beginning of do_coredump() and uses it\ninstead of get_dumpable() while dumping core.\n\nThis copy is also passed to binfmt-\u003ecore_dump, since elf*_core_dump() uses\ndump_filter bits in mm-\u003eflags.\n\n[akpm@linux-foundation.org: fix merge]\nSigned-off-by: Masami Hiramatsu \u003cmhiramat@redhat.com\u003e\nAcked-by: Roland McGrath \u003croland@redhat.com\u003e\nCc: Hidehiro Kawai \u003chidehiro.kawai.ez@hitachi.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nReviewed-by: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "221af7f87b97431e3ee21ce4b0e77d5411cf1549", "tree": "480126aada06d87c09cb62e7c8fa292572438c18", "parents": [ "64a028a6de08545a2c94f302bc7694bf48aee5b5" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jan 28 22:14:42 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jan 29 08:22:01 2010 -0800" }, "message": "Split \u0027flush_old_exec\u0027 into two functions\n\n\u0027flush_old_exec()\u0027 is the point of no return when doing an execve(), and\nit is pretty badly misnamed. It doesn\u0027t just flush the old executable\nenvironment, it also starts up the new one.\n\nWhich is very inconvenient for things like setting up the new\npersonality, because we want the new personality to affect the starting\nof the new environment, but at the same time we do _not_ want the new\npersonality to take effect if flushing the old one fails.\n\nAs a result, the x86-64 \u002732-bit\u0027 personality is actually done using this\ninsane \"I\u0027m going to change the ABI, but I haven\u0027t done it yet\" bit\n(TIF_ABI_PENDING), with SET_PERSONALITY() not actually setting the\npersonality, but just the \"pending\" bit, so that \"flush_thread()\" can do\nthe actual personality magic.\n\nThis patch in no way changes any of that insanity, but it does split the\n\u0027flush_old_exec()\u0027 function up into a preparatory part that can fail\n(still called flush_old_exec()), and a new part that will actually set\nup the new exec environment (setup_new_exec()). All callers are changed\nto trivially comply with the new world order.\n\nSigned-off-by: H. Peter Anvin \u003chpa@zytor.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f6151dfea21496d43dbaba32cfcd9c9f404769bc", "tree": "092b73a1cd7edbd0e04fe2076ed678447446aa70", "parents": [ "9cd80bbb07fcd6d4d037fad4297496d3b132ac6b" ], "author": { "name": "Masami Hiramatsu", "email": "mhiramat@redhat.com", "time": "Thu Dec 17 15:27:16 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 17 15:45:31 2009 -0800" }, "message": "mm: introduce coredump parameter structure\n\nIntroduce coredump parameter data structure (struct coredump_params) to\nsimplify binfmt-\u003ecore_dump() arguments.\n\nSigned-off-by: Masami Hiramatsu \u003cmhiramat@redhat.com\u003e\nSuggested-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Hidehiro Kawai \u003chidehiro.kawai.ez@hitachi.com\u003e\nCc: Oleg Nesterov \u003coleg@redhat.com\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: KOSAKI Motohiro \u003ckosaki.motohiro@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "964ee7df90d799e38fb1556c57cd5c45fc736436", "tree": "58ae7325f80394cb86409d5876c710376dde8e1a", "parents": [ "61be228a06dc6e8662f30e89eda3c12083c1f379" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Wed Sep 23 15:56:59 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Sep 24 07:21:01 2009 -0700" }, "message": "exec: fix set_binfmt() vs sys_delete_module() race\n\nsys_delete_module() can set MODULE_STATE_GOING after\nsearch_binary_handler() does try_module_get(). In this case\nset_binfmt()-\u003etry_module_get() fails but since none of the callers\ncheck the returned error, the task will run with the wrong old\n-\u003ebinfmt.\n\nThe proper fix should change all -\u003eload_binary() methods, but we can\nrely on fact that the caller must hold a reference to binfmt-\u003emodule\nand use __module_get() which never fails.\n\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\nCc: Hiroshi Shimamoto \u003ch-shimamoto@ct.jp.nec.com\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a2a8474c3fff88d8dd52d05cb450563fb26fd26c", "tree": "455415da039a77627f47ed19318bb9c8aa17de4d", "parents": [ "dd5d241ea955006122d76af88af87de73fec25b4" ], "author": { "name": "Oleg Nesterov", "email": "oleg@redhat.com", "time": "Sat Sep 05 11:17:13 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Sep 05 11:30:42 2009 -0700" }, "message": "exec: do not sleep in TASK_TRACED under -\u003ecred_guard_mutex\n\nTom Horsley reports that his debugger hangs when it tries to read\n/proc/pid_of_tracee/maps, this happens since\n\n\t\"mm_for_maps: take -\u003ecred_guard_mutex to fix the race with exec\"\n\t04b836cbf19e885f8366bccb2e4b0474346c02d\n\ncommit in 2.6.31.\n\nBut the root of the problem lies in the fact that do_execve() path calls\ntracehook_report_exec() which can stop if the tracer sets PT_TRACE_EXEC.\n\nThe tracee must not sleep in TASK_TRACED holding this mutex. Even if we\nremove -\u003ecred_guard_mutex from mm_for_maps() and proc_pid_attr_write(),\nanother task doing PTRACE_ATTACH should not hang until it is killed or the\ntracee resumes.\n\nWith this patch do_execve() does not use -\u003ecred_guard_mutex directly and\nwe do not hold it throughout, instead:\n\n\t- introduce prepare_bprm_creds() helper, it locks the mutex\n\t and calls prepare_exec_creds() to initialize bprm-\u003ecred.\n\n\t- install_exec_creds() drops the mutex after commit_creds(),\n\t and thus before tracehook_report_exec()-\u003eptrace_stop().\n\n\t or, if exec fails,\n\n\t free_bprm() drops this mutex when bprm-\u003ecred !\u003d NULL which\n\t indicates install_exec_creds() was not called.\n\nReported-by: Tom Horsley \u003ctom.horsley@att.net\u003e\nSigned-off-by: Oleg Nesterov \u003coleg@redhat.com\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Roland McGrath \u003croland@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "74641f584da8eccf30becfbb5507ab457187db22", "tree": "da212b7ae1b5a2a50a4314b3a75df5763623295e", "parents": [ "77b4cf5cb0c9d6010a18030a0e0a8d2aaf6b43ec" ], "author": { "name": "Ivan Kokshaysky", "email": "ink@jurassic.park.msu.ru", "time": "Thu Apr 30 15:08:49 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat May 02 15:36:10 2009 -0700" }, "message": "alpha: binfmt_aout fix\n\nThis fixes the problem introduced by commit 3bfacef412 (get rid of\nspecial-casing the /sbin/loader on alpha): osf/1 ecoff binary segfaults\nwhen binfmt_aout built as module. That happens because aout binary\nhandler gets on the top of the binfmt list due to late registration, and\nkernel attempts to execute the binary without preparatory work that must\nbe done by binfmt_loader.\n\nFixed by changing the registration order of the default binfmt handlers\nusing list_add_tail() and introducing insert_binfmt() function which\nplaces new handler on the top of the binfmt list. This might be generally\nuseful for installing arch-specific frontends for default handlers or just\nfor overriding them.\n\nSigned-off-by: Ivan Kokshaysky \u003cink@jurassic.park.msu.ru\u003e\nCc: Al Viro \u003cviro@ZenIV.linux.org.uk\u003e\nCc: Richard Henderson \u003crth@twiddle.net\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a50b0aa4bd9a7d42112442a385f3dc0e775284dd", "tree": "f4707e5a1c524545c8caa40eebbe8764c20bfe93", "parents": [ "ab4ad55512e95b68ca3e25516068e18874f89252" ], "author": { "name": "Kirill A. Shutemov", "email": "kirill@shutemov.name", "time": "Thu Apr 02 16:58:29 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Apr 02 19:05:01 2009 -0700" }, "message": "struct linux_binprm: drop unused fields\n\nSigned-off-by: Kirill A. Shutemov \u003ckirill@shutemov.name\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8cd3ac3aca3f2afe8570708066d64d893da468e8", "tree": "ff8d828f3da57880e5d679f32485b5d77d5d3679", "parents": [ "4cb0e11b15d2badad455fcd538af0cccf05dc012" ], "author": { "name": "WANG Cong", "email": "wangcong@zeuux.org", "time": "Tue Jan 06 14:42:48 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:29 2009 -0800" }, "message": "fs/exec.c: make do_coredump() void\n\nNo one cares do_coredump()\u0027s return value, and also it seems that it\nis also not necessary. So make it void.\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: WANG Cong \u003cwangcong@zeuux.org\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5cf0cc4e670b8da2231a3375db87ec3b6cb84432", "tree": "8545da4f0b0313f24ffa9ef7f862660fe5345d4e", "parents": [ "29041b4b1a3d68192eef7613703669f5c7b01d0c" ], "author": { "name": "Hiroshi Shimamoto", "email": "h-shimamoto@ct.jp.nec.com", "time": "Tue Jan 06 14:41:38 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:19 2009 -0800" }, "message": "binfmts.h: include list.h\n\nlinux_binfmt uses list_head, so list.h is needed.\n\n[akpm@linux-foundation.org: fix `make headerscheck\u0027]\nSigned-off-by: Hiroshi Shimamoto \u003ch-shimamoto@ct.jp.nec.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d", "tree": "8f95617996d0974507f176163459212a7def8b9a", "parents": [ "d84f4f992cbd76e8f39c488cf0c5d123843923b1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:24 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:24 2008 +1100" }, "message": "CRED: Make execve() take advantage of copy-on-write credentials\n\nMake execve() take advantage of copy-on-write credentials, allowing it to set\nup the credentials in advance, and then commit the whole lot after the point\nof no return.\n\nThis patch and the preceding patches have been tested with the LTP SELinux\ntestsuite.\n\nThis patch makes several logical sets of alteration:\n\n (1) execve().\n\n The credential bits from struct linux_binprm are, for the most part,\n replaced with a single credentials pointer (bprm-\u003ecred). This means that\n all the creds can be calculated in advance and then applied at the point\n of no return with no possibility of failure.\n\n I would like to replace bprm-\u003ecap_effective with:\n\n\tcap_isclear(bprm-\u003ecap_effective)\n\n but this seems impossible due to special behaviour for processes of pid 1\n (they always retain their parent\u0027s capability masks where normally they\u0027d\n be changed - see cap_bprm_set_creds()).\n\n The following sequence of events now happens:\n\n (a) At the start of do_execve, the current task\u0027s cred_exec_mutex is\n \t locked to prevent PTRACE_ATTACH from obsoleting the calculation of\n \t creds that we make.\n\n (a) prepare_exec_creds() is then called to make a copy of the current\n \t task\u0027s credentials and prepare it. This copy is then assigned to\n \t bprm-\u003ecred.\n\n \t This renders security_bprm_alloc() and security_bprm_free()\n \t unnecessary, and so they\u0027ve been removed.\n\n (b) The determination of unsafe execution is now performed immediately\n \t after (a) rather than later on in the code. The result is stored in\n \t bprm-\u003eunsafe for future reference.\n\n (c) prepare_binprm() is called, possibly multiple times.\n\n \t (i) This applies the result of set[ug]id binaries to the new creds\n \t attached to bprm-\u003ecred. Personality bit clearance is recorded,\n \t but now deferred on the basis that the exec procedure may yet\n \t fail.\n\n (ii) This then calls the new security_bprm_set_creds(). This should\n\t calculate the new LSM and capability credentials into *bprm-\u003ecred.\n\n\t This folds together security_bprm_set() and parts of\n\t security_bprm_apply_creds() (these two have been removed).\n\t Anything that might fail must be done at this point.\n\n (iii) bprm-\u003ecred_prepared is set to 1.\n\n\t bprm-\u003ecred_prepared is 0 on the first pass of the security\n\t calculations, and 1 on all subsequent passes. This allows SELinux\n\t in (ii) to base its calculations only on the initial script and\n\t not on the interpreter.\n\n (d) flush_old_exec() is called to commit the task to execution. This\n \t performs the following steps with regard to credentials:\n\n\t (i) Clear pdeath_signal and set dumpable on certain circumstances that\n\t may not be covered by commit_creds().\n\n (ii) Clear any bits in current-\u003epersonality that were deferred from\n (c.i).\n\n (e) install_exec_creds() [compute_creds() as was] is called to install the\n \t new credentials. This performs the following steps with regard to\n \t credentials:\n\n (i) Calls security_bprm_committing_creds() to apply any security\n requirements, such as flushing unauthorised files in SELinux, that\n must be done before the credentials are changed.\n\n\t This is made up of bits of security_bprm_apply_creds() and\n\t security_bprm_post_apply_creds(), both of which have been removed.\n\t This function is not allowed to fail; anything that might fail\n\t must have been done in (c.ii).\n\n (ii) Calls commit_creds() to apply the new credentials in a single\n assignment (more or less). Possibly pdeath_signal and dumpable\n should be part of struct creds.\n\n\t (iii) Unlocks the task\u0027s cred_replace_mutex, thus allowing\n\t PTRACE_ATTACH to take place.\n\n (iv) Clears The bprm-\u003ecred pointer as the credentials it was holding\n are now immutable.\n\n (v) Calls security_bprm_committed_creds() to apply any security\n alterations that must be done after the creds have been changed.\n SELinux uses this to flush signals and signal handlers.\n\n (f) If an error occurs before (d.i), bprm_free() will call abort_creds()\n \t to destroy the proposed new credentials and will then unlock\n \t cred_replace_mutex. No changes to the credentials will have been\n \t made.\n\n (2) LSM interface.\n\n A number of functions have been changed, added or removed:\n\n (*) security_bprm_alloc(), -\u003ebprm_alloc_security()\n (*) security_bprm_free(), -\u003ebprm_free_security()\n\n \t Removed in favour of preparing new credentials and modifying those.\n\n (*) security_bprm_apply_creds(), -\u003ebprm_apply_creds()\n (*) security_bprm_post_apply_creds(), -\u003ebprm_post_apply_creds()\n\n \t Removed; split between security_bprm_set_creds(),\n \t security_bprm_committing_creds() and security_bprm_committed_creds().\n\n (*) security_bprm_set(), -\u003ebprm_set_security()\n\n \t Removed; folded into security_bprm_set_creds().\n\n (*) security_bprm_set_creds(), -\u003ebprm_set_creds()\n\n \t New. The new credentials in bprm-\u003ecreds should be checked and set up\n \t as appropriate. bprm-\u003ecred_prepared is 0 on the first call, 1 on the\n \t second and subsequent calls.\n\n (*) security_bprm_committing_creds(), -\u003ebprm_committing_creds()\n (*) security_bprm_committed_creds(), -\u003ebprm_committed_creds()\n\n \t New. Apply the security effects of the new credentials. This\n \t includes closing unauthorised files in SELinux. This function may not\n \t fail. When the former is called, the creds haven\u0027t yet been applied\n \t to the process; when the latter is called, they have.\n\n \t The former may access bprm-\u003ecred, the latter may not.\n\n (3) SELinux.\n\n SELinux has a number of changes, in addition to those to support the LSM\n interface changes mentioned above:\n\n (a) The bprm_security_struct struct has been removed in favour of using\n \t the credentials-under-construction approach.\n\n (c) flush_unauthorized_files() now takes a cred pointer and passes it on\n \t to inode_has_perm(), file_has_perm() and dentry_open().\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "bf2a9a39639b8b51377905397a5005f444e9a892", "tree": "1919ad1abea804ce4cb1e7e8b1ac44b5b9a8f110", "parents": [ "53112488bebe25c0f5f8a002470046c0fe9a6c61" ], "author": { "name": "Kirill A. Shutemov", "email": "kirill@shutemov.name", "time": "Wed Oct 15 22:02:39 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 16 11:21:38 2008 -0700" }, "message": "Allow recursion in binfmt_script and binfmt_misc\n\nbinfmt_script and binfmt_misc disallow recursion to avoid stack overflow\nusing sh_bang and misc_bang. It causes problem in some cases:\n\n$ echo \u0027#!/bin/ls\u0027 \u003e /tmp/t0\n$ echo \u0027#!/tmp/t0\u0027 \u003e /tmp/t1\n$ echo \u0027#!/tmp/t1\u0027 \u003e /tmp/t2\n$ chmod +x /tmp/t*\n$ /tmp/t2\nzsh: exec format error: /tmp/t2\n\nSimilar problem with binfmt_misc.\n\nThis patch introduces field \u0027recursion_depth\u0027 into struct linux_binprm to\ntrack recursion level in binfmt_misc and binfmt_script. If recursion\nlevel more then BINPRM_MAX_RECURSION it generates -ENOEXEC.\n\n[akpm@linux-foundation.org: make linux_binprm.recursion_depth a uint]\nSigned-off-by: Kirill A. Shutemov \u003ckirill@shutemov.name\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "53112488bebe25c0f5f8a002470046c0fe9a6c61", "tree": "6f685c176c7802e356d729984648d759f0ae0ba4", "parents": [ "cde162c2a963dba6d1b6921b58917ef8f27f4150" ], "author": { "name": "Kirill A. Shutemov", "email": "kirill@shutemov.name", "time": "Wed Oct 15 22:02:37 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 16 11:21:38 2008 -0700" }, "message": "alpha: introduce field \u0027taso\u0027 into struct linux_binprm\n\nThis change is Alpha-specific. It adds field \u0027taso\u0027 into struct\nlinux_binprm to remember if the application is TASO. Previously, field\nsh_bang was used for this purpose.\n\nSigned-off-by: Kirill A. Shutemov \u003ckirill@shutemov.name\u003e\nCc: Richard Henderson \u003crth@twiddle.net\u003e\nCc: Ivan Kokshaysky \u003cink@jurassic.park.msu.ru\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Alexander Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5459c164f0591ee75ed0203bb8f3817f25948e2f", "tree": "7b17a0cbadfc487d7311b7f5a41779ff33d6fe7f", "parents": [ "78ecba081224a2db5876b6b81cfed0b78f58adc7" ], "author": { "name": "Andrew G. Morgan", "email": "morgan@kernel.org", "time": "Wed Jul 23 21:28:24 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jul 24 10:47:22 2008 -0700" }, "message": "security: protect legacy applications from executing with insufficient privilege\n\nWhen cap_bset suppresses some of the forced (fP) capabilities of a file,\nit is generally only safe to execute the program if it understands how to\nrecognize it doesn\u0027t have enough privilege to work correctly. For legacy\napplications (fE!\u003d0), which have no non-destructive way to determine that\nthey are missing privilege, we fail to execute (EPERM) any executable that\nrequires fP capabilities, but would otherwise get pP\u0027 \u003c fP. This is a\nfail-safe permission check.\n\nFor some discussion of why it is problematic for (legacy) privileged\napplications to run with less than the set of capabilities requested for\nthem, see:\n\n http://userweb.kernel.org/~morgan/sendmail-capabilities-war-story.html\n\nWith this iteration of this support, we do not include setuid-0 based\nprivilege protection from the bounding set. That is, the admin can still\n(ab)use the bounding set to suppress the privileges of a setuid-0 program.\n\n[akpm@linux-foundation.org: coding-style fixes]\n[akpm@linux-foundation.org: cleanup]\nSigned-off-by: Andrew G. Morgan \u003cmorgan@kernel.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "08a6fac1c63233c87eec129938022f1a9a4d51f6", "tree": "4fd7a2a906cf5ca0a42b3b8cb30351465f0f6cee", "parents": [ "5f719558edf9c84bfbb1f7ad37e84c483282d09f" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat May 10 16:38:25 2008 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 16 17:23:05 2008 -0400" }, "message": "[PATCH] get rid of leak in compat_execve()\n\nEven though copy_compat_strings() doesn\u0027t cache the pages,\ncopy_strings_kernel() and stuff indirectly called by e.g.\n-\u003eload_binary() is doing that, so we need to drop the\ncache contents in the end.\n\n[found by WANG Cong \u003cwangcong@zeuux.org\u003e]\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3a2e7f47d71e1df86acc1dda6826890b6546a4e1", "tree": "3c5856f67af25a80a4d934e754f437936c7b1bbf", "parents": [ "cbd9b67bd3883dff0ef4b8ec9229d315a9ba38f0" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Tue Apr 29 00:59:24 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:04 2008 -0700" }, "message": "binfmt_misc.c: avoid potential kernel stack overflow\n\nThis can be triggered with root help only, but...\n\nRegister the \":text:E::txt::/root/cat.txt:\u0027 rule in binfmt_misc (by root) and\ntry launching the cat.txt file (by anyone) :) The result is - the endless\nrecursion in the load_misc_binary -\u003e open_exec -\u003e load_misc_binary chain and\nstack overflow.\n\nThere\u0027s a similar problem with binfmt_script, and there\u0027s a sh_bang memner on\nlinux_binprm structure to handle this, but simply raising this in binfmt_misc\nmay break some setups when the interpreter of some misc binaries is a script.\n\nSo the proposal is to turn sh_bang into a bit, add a new one (the misc_bang)\nand raise it in load_misc_binary. After this, even if we set up the misc -\u003e\nscript -\u003e misc loop for binfmts one of them will step on its own bang and\nexit.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "175a06ae300188af8a61db68a78e1af44dc7d44f", "tree": "ed088932ad725985ead11fbf9e4cd7754af0dcc8", "parents": [ "ecd0fa9825a1270e31fb48bc9edcfb28918b6c51" ], "author": { "name": "Tetsuo Handa", "email": "penguin-kernel@i-love.sakura.ne.jp", "time": "Tue Apr 29 00:59:17 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:03 2008 -0700" }, "message": "exec: remove argv_len from struct linux_binprm\n\nI noticed that 2.6.24.2 calculates bprm-\u003eargv_len at do_execve(). But it\ndoesn\u0027t update bprm-\u003eargv_len after \"remove_arg_zero() +\ncopy_strings_kernel()\" at load_script() etc.\n\naudit_bprm() is called from search_binary_handler() and\nsearch_binary_handler() is called from load_script() etc. Thus, I think the\ncondition check\n\n if (bprm-\u003eargv_len \u003e (audit_argv_kb \u003c\u003c 10))\n return -E2BIG;\n\nin audit_bprm() might return wrong result when strlen(removed_arg) !\u003d\nstrlen(spliced_args). Why not update bprm-\u003eargv_len at load_script() etc. ?\n\nBy the way, 2.6.25-rc3 seems to not doing the condition check. Is the field\nbprm-\u003eargv_len no longer needed?\n\nSigned-off-by: Tetsuo Handa \u003cpenguin-kernel@I-love.SAKURA.ne.jp\u003e\nCc: Ollie Wild \u003caaw@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b53767719b6cd8789392ea3e7e2eb7b8906898f0", "tree": "a0279dc93c79b94d3865b0f19f6b7b353e20608c", "parents": [ "57c521ce6125e15e99e56c902cb8da96bee7b36d" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Tue Oct 16 23:31:36 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:43:07 2007 -0700" }, "message": "Implement file posix capabilities\n\nImplement file posix capabilities. This allows programs to be given a\nsubset of root\u0027s powers regardless of who runs them, without having to use\nsetuid and giving the binary all of root\u0027s powers.\n\nThis version works with Kaigai Kohei\u0027s userspace tools, found at\nhttp://www.kaigai.gr.jp/index.php. For more information on how to use this\npatch, Chris Friedhoff has posted a nice page at\nhttp://www.friedhoff.org/fscaps.html.\n\nChangelog:\n\tNov 27:\n\tIncorporate fixes from Andrew Morton\n\t(security-introduce-file-caps-tweaks and\n\tsecurity-introduce-file-caps-warning-fix)\n\tFix Kconfig dependency.\n\tFix change signaling behavior when file caps are not compiled in.\n\n\tNov 13:\n\tIntegrate comments from Alexey: Remove CONFIG_ ifdef from\n\tcapability.h, and use %zd for printing a size_t.\n\n\tNov 13:\n\tFix endianness warnings by sparse as suggested by Alexey\n\tDobriyan.\n\n\tNov 09:\n\tAddress warnings of unused variables at cap_bprm_set_security\n\twhen file capabilities are disabled, and simultaneously clean\n\tup the code a little, by pulling the new code into a helper\n\tfunction.\n\n\tNov 08:\n\tFor pointers to required userspace tools and how to use\n\tthem, see http://www.friedhoff.org/fscaps.html.\n\n\tNov 07:\n\tFix the calculation of the highest bit checked in\n\tcheck_cap_sanity().\n\n\tNov 07:\n\tAllow file caps to be enabled without CONFIG_SECURITY, since\n\tcapabilities are the default.\n\tHook cap_task_setscheduler when !CONFIG_SECURITY.\n\tMove capable(TASK_KILL) to end of cap_task_kill to reduce\n\taudit messages.\n\n\tNov 05:\n\tAdd secondary calls in selinux/hooks.c to task_setioprio and\n\ttask_setscheduler so that selinux and capabilities with file\n\tcap support can be stacked.\n\n\tSep 05:\n\tAs Seth Arnold points out, uid checks are out of place\n\tfor capability code.\n\n\tSep 01:\n\tDefine task_setscheduler, task_setioprio, cap_task_kill, and\n\ttask_setnice to make sure a user cannot affect a process in which\n\tthey called a program with some fscaps.\n\n\tOne remaining question is the note under task_setscheduler: are we\n\tok with CAP_SYS_NICE being sufficient to confine a process to a\n\tcpuset?\n\n\tIt is a semantic change, as without fsccaps, attach_task doesn\u0027t\n\tallow CAP_SYS_NICE to override the uid equivalence check. But since\n\tit uses security_task_setscheduler, which elsewhere is used where\n\tCAP_SYS_NICE can be used to override the uid equivalence check,\n\tfixing it might be tough.\n\n\t task_setscheduler\n\t\t note: this also controls cpuset:attach_task. Are we ok with\n\t\t CAP_SYS_NICE being used to confine to a cpuset?\n\t task_setioprio\n\t task_setnice\n\t\t sys_setpriority uses this (through set_one_prio) for another\n\t\t process. Need same checks as setrlimit\n\n\tAug 21:\n\tUpdated secureexec implementation to reflect the fact that\n\teuid and uid might be the same and nonzero, but the process\n\tmight still have elevated caps.\n\n\tAug 15:\n\tHandle endianness of xattrs.\n\tEnforce capability version match between kernel and disk.\n\tEnforce that no bits beyond the known max capability are\n\tset, else return -EPERM.\n\tWith this extra processing, it may be worth reconsidering\n\tdoing all the work at bprm_set_security rather than\n\td_instantiate.\n\n\tAug 10:\n\tAlways call getxattr at bprm_set_security, rather than\n\tcaching it at d_instantiate.\n\n[morgan@kernel.org: file-caps clean up for linux/capability.h]\n[bunk@kernel.org: unexport cap_inode_killpriv]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Andrew Morgan \u003cmorgan@kernel.org\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7dc0b22e3c54f1f4730354fef84a20f5944f6c5e", "tree": "8b281ed3315699eb0b21f00b5933b6222add5b5a", "parents": [ "8e2b705649e294f43a8cd1ea79e4c594c0bd1d9d" ], "author": { "name": "Neil Horman", "email": "nhorman@tuxdriver.com", "time": "Tue Oct 16 23:26:34 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:42:50 2007 -0700" }, "message": "core_pattern: ignore RLIMIT_CORE if core_pattern is a pipe\n\nFor some time /proc/sys/kernel/core_pattern has been able to set its output\ndestination as a pipe, allowing a user space helper to receive and\nintellegently process a core. This infrastructure however has some\nshortcommings which can be enhanced. Specifically:\n\n1) The coredump code in the kernel should ignore RLIMIT_CORE limitation\n when core_pattern is a pipe, since file system resources are not being\n consumed in this case, unless the user application wishes to save the core,\n at which point the app is restricted by usual file system limits and\n restrictions.\n\n2) The core_pattern code should be able to parse and pass options to the\n user space helper as an argv array. The real core limit of the uid of the\n crashing proces should also be passable to the user space helper (since it\n is overridden to zero when called).\n\n3) Some miscellaneous bugs need to be cleaned up (specifically the\n recognition of a recursive core dump, should the user mode helper itself\n crash. Also, the core dump code in the kernel should not wait for the user\n mode helper to exit, since the same context is responsible for writing to\n the pipe, and a read of the pipe by the user mode helper will result in a\n deadlock.\n\nThis patch:\n\nRemove the check of RLIMIT_CORE if core_pattern is a pipe. In the event that\ncore_pattern is a pipe, the entire core will be fed to the user mode helper.\n\nSigned-off-by: Neil Horman \u003cnhorman@tuxdriver.com\u003e\nCc: \u003cmartin.pitt@ubuntu.com\u003e\nCc: \u003cwwoods@redhat.com\u003e\nCc: Jeremy Fitzhardinge \u003cjeremy@goop.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f6b450d489f2fb4e909447beacad64edb8aa0cda", "tree": "85240acdf3d5c1cb2f193a72c99e24789acc0a0e", "parents": [ "e4dc1b14d8dc57c3975bf69740e4f5cda6bfba09" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@sw.ru", "time": "Tue Oct 16 23:26:04 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:42:46 2007 -0700" }, "message": "Make unregister_binfmt() return void\n\nlist_del() hardly can fail, so checking for return value is pointless\n(and current code always return 0).\n\nNobody really cared that return value anyway.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e4dc1b14d8dc57c3975bf69740e4f5cda6bfba09", "tree": "084771b19ecb4335c31cdd91093f7a02b7861e69", "parents": [ "deba0f49b9345f885a53a077623a68cef89c01d5" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@sw.ru", "time": "Tue Oct 16 23:26:03 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:42:46 2007 -0700" }, "message": "Use list_head in binfmt handling\n\nSwitch single-linked binfmt formats list to usual list_head\u0027s. This leads\nto one-liners in register_binfmt() and unregister_binfmt(). The downside\nis one pointer more in struct linux_binfmt. This is not a problem, since\nthe set of registered binfmts on typical box is very small -- (ELF +\nsomething distro enabled for you).\n\nTest-booted, played with executable .txt files, modprobe/rmmod binfmt_misc.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b6a2fea39318e43fee84fa7b0b90d68bed92d2ba", "tree": "c9c3619cb2730b5c10c7427b837146bce3d69156", "parents": [ "bdf4c48af20a3b0f01671799ace345e3d49576da" ], "author": { "name": "Ollie Wild", "email": "aaw@google.com", "time": "Thu Jul 19 01:48:16 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Jul 19 10:04:45 2007 -0700" }, "message": "mm: variable length argument support\n\nRemove the arg+env limit of MAX_ARG_PAGES by copying the strings directly from\nthe old mm into the new mm.\n\nWe create the new mm before the binfmt code runs, and place the new stack at\nthe very top of the address space. Once the binfmt code runs and figures out\nwhere the stack should be, we move it downwards.\n\nIt is a bit peculiar in that we have one task with two mm\u0027s, one of which is\ninactive.\n\n[a.p.zijlstra@chello.nl: limit stack size]\nSigned-off-by: Ollie Wild \u003caaw@google.com\u003e\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nCc: \u003clinux-arch@vger.kernel.org\u003e\nCc: Hugh Dickins \u003chugh@veritas.com\u003e\n[bunk@stusta.de: unexport bprm_mm_init]\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "bdf4c48af20a3b0f01671799ace345e3d49576da", "tree": "7c3b903d2de1cba6e212ad6f347bc8742b08035a", "parents": [ "b111757c50ee30dad162192df6168e270a90c252" ], "author": { "name": "Peter Zijlstra", "email": "a.p.zijlstra@chello.nl", "time": "Thu Jul 19 01:48:15 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu Jul 19 10:04:45 2007 -0700" }, "message": "audit: rework execve audit\n\nThe purpose of audit_bprm() is to log the argv array to a userspace daemon at\nthe end of the execve system call. Since user-space hasn\u0027t had time to run,\nthis array is still in pristine state on the process\u0027 stack; so no need to\ncopy it, we can just grab it from there.\n\nIn order to minimize the damage to audit_log_*() copy each string into a\ntemporary kernel buffer first.\n\nCurrently the audit code requires that the full argument vector fits in a\nsingle packet. So currently it does clip the argv size to a (sysctl) limit,\nbut only when execve auditing is enabled.\n\nIf the audit protocol gets extended to allow for multiple packets this check\ncan be removed.\n\nSigned-off-by: Peter Zijlstra \u003ca.p.zijlstra@chello.nl\u003e\nSigned-off-by: Ollie Wild \u003caaw@google.com\u003e\nCc: \u003clinux-audit@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "71ce92f3fa442069670a52fa6230a6064c4517b3", "tree": "30fec3491b9655040d90c810785ce7e843a90f93", "parents": [ "bc88d5d4e18add7283770ead2734b601c50b3e2a" ], "author": { "name": "Dan Aloni", "email": "da-x@monatomic.org", "time": "Wed May 16 22:11:16 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Thu May 17 05:23:05 2007 -0700" }, "message": "make sysctl/kernel/core_pattern and fs/exec.c agree on maximum core filename size\n\nMake sysctl/kernel/core_pattern and fs/exec.c agree on maximum core\nfilename size and change it to 128, so that extensive patterns such as\n\u0027/local/cores/%e-%h-%s-%t-%p.core\u0027 won\u0027t result in truncated filename\ngeneration.\n\nSigned-off-by: Dan Aloni \u003cda-x@monatomic.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9fbbd4dd17d0712054368e5e939e28b2456bfe1b", "tree": "778766e35c52529ed0fc369ce1c3cf9382fc6e16", "parents": [ "120fad72401ebec2a126c16cc48f56c28f3eefe2" ], "author": { "name": "Andi Kleen", "email": "ak@suse.de", "time": "Tue Feb 13 13:26:26 2007 +0100" }, "committer": { "name": "Andi Kleen", "email": "andi@basil.nowhere.org", "time": "Tue Feb 13 13:26:26 2007 +0100" }, "message": "[PATCH] x86: Don\u0027t require the vDSO for handling a.out signals\n\nand in other strange binfmts. vDSO is not necessarily mapped there.\n\nSigned-off-by: Andi Kleen \u003cak@suse.de\u003e\n" }, { "commit": "d6e711448137ca3301512cec41a2c2ce852b3d0a", "tree": "f0765ebd90fdbdf270c05fcd7f3d32b24ba56681", "parents": [ "8b0914ea7475615c7c8965c1ac8fe4069270f25c" ], "author": { "name": "Alan Cox", "email": "alan@lxorguk.ukuu.org.uk", "time": "Thu Jun 23 00:09:43 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Thu Jun 23 09:45:26 2005 -0700" }, "message": "[PATCH] setuid core dump\n\nAdd a new `suid_dumpable\u0027 sysctl:\n\nThis value can be used to query and set the core dump mode for setuid\nor otherwise protected/tainted binaries. The modes are\n\n0 - (default) - traditional behaviour. Any process which has changed\n privilege levels or is execute only will not be dumped\n\n1 - (debug) - all processes dump core when possible. The core dump is\n owned by the current user and no security is applied. This is intended\n for system debugging situations only. Ptrace is unchecked.\n\n2 - (suidsafe) - any binary which normally would not be dumped is dumped\n readable by root only. This allows the end user to remove such a dump but\n not access it directly. For security reasons core dumps in this mode will\n not overwrite one another or other files. This mode is appropriate when\n adminstrators are attempting to debug problems in a normal environment.\n\n(akpm:\n\n\u003e \u003e +EXPORT_SYMBOL(suid_dumpable);\n\u003e\n\u003e EXPORT_SYMBOL_GPL?\n\nNo problem to me.\n\n\u003e \u003e \tif (current-\u003eeuid \u003d\u003d current-\u003euid \u0026\u0026 current-\u003eegid \u003d\u003d current-\u003egid)\n\u003e \u003e \t\tcurrent-\u003emm-\u003edumpable \u003d 1;\n\u003e\n\u003e Should this be SUID_DUMP_USER?\n\nActually the feedback I had from last time was that the SUID_ defines\nshould go because its clearer to follow the numbers. They can go\neverywhere (and there are lots of places where dumpable is tested/used\nas a bool in untouched code)\n\n\u003e Maybe this should be renamed to `dump_policy\u0027 or something. Doing that\n\u003e would help us catch any code which isn\u0027t using the #defines, too.\n\nFair comment. The patch was designed to be easy to maintain for Red Hat\nrather than for merging. Changing that field would create a gigantic\ndiff because it is used all over the place.\n\n)\n\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "75c96f85845a6707b0f9916cb263cb3584f7d48f", "tree": "45a64d1c9bb71d7093db3a11e0f21465c2e3dec6", "parents": [ "5e198d94dd0c3ec7f6138229e2e412c2c6268c38" ], "author": { "name": "Adrian Bunk", "email": "bunk@stusta.de", "time": "Thu May 05 16:16:09 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Thu May 05 16:36:47 2005 -0700" }, "message": "[PATCH] make some things static\n\nThis patch makes some needlessly global identifiers static.\n\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nAcked-by: Arjan van de Ven \u003carjanv@infradead.org\u003e\nAcked-by: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }