shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-25 03:50:24 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
273104dca41b899d594dd05b819fa4bc99e8564b
linux/security/keys
History
Eric Biggers d19182e28c KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings 
commit c9f838d104 upstream.

This fixes CVE-2017-7472.

Running the following program as an unprivileged user exhausts kernel
memory by leaking thread keyrings:

	#include <keyutils.h>

	int main()
	{
		for (;;)
			keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING);
	}

Fix it by only creating a new thread keyring if there wasn't one before.
To make things more consistent, make install_thread_keyring_to_cred()
and install_process_keyring_to_cred() both return 0 if the corresponding
keyring is already present.

Fixes: d84f4f992c ("CRED: Inaugurate COW credentials")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2017-06-08 00:46:48 +02:00
..
encrypted-keys
KEYS: Fix stale key registration at error path
2015-01-08 09:58:16 -08:00
compat.c
Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys
2013-03-12 11:05:45 -07:00
gc.c
KEYS: Change the name of the dead type to ".dead" to prevent user access
2017-06-08 00:46:48 +02:00
internal.h
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
Kconfig
KEYS: Move the key config into security/keys/Kconfig
2012-05-11 10:56:56 +01:00
key.c
KEYS: potential uninitialized variable
2016-08-21 23:22:36 +02:00
keyctl.c
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
2017-06-08 00:46:48 +02:00
keyring.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2012-12-16 15:40:50 -08:00
Makefile
KEYS: Reorganise keys Makefile
2012-05-11 10:56:56 +01:00
permission.c
userns: Convert security/keys to the new userns infrastructure
2012-09-13 18:28:02 -07:00
proc.c
KEYS: Fix short sprintf buffer in /proc/keys show function
2017-02-10 11:04:04 +01:00
process_keys.c
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
2017-06-08 00:46:48 +02:00
request_key_auth.c
KEYS: Add payload preparsing opportunity prior to key instantiate or update
2012-10-08 13:49:48 +10:30
request_key.c
KEYS: split call to call_usermodehelper_fns()
2013-04-30 17:04:06 -07:00
sysctl.c
sysctl: Drop & in front of every proc_handler.
2009-11-18 08:37:40 -08:00
trusted.c
Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
2012-10-14 13:39:34 -07:00
trusted.h
trusted-keys: rename trusted_defined files to trusted
2011-01-24 10:14:22 +11:00
user_defined.c
KEYS: Add payload preparsing opportunity prior to key instantiate or update
2012-10-08 13:49:48 +10:30