All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] Set cred->user_ns in key_replace_session_keyring
@ 2011-05-26 20:25 Serge E. Hallyn
  2011-05-26 20:31 ` Linus Torvalds
  0 siblings, 1 reply; 5+ messages in thread
From: Serge E. Hallyn @ 2011-05-26 20:25 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: Robert Święcki, David Howells, lkml

Since this cred was not created with copy_creds(), it needs to get
initialized.  Otherwise use of syscall(__NR_keyctl, KEYCTL_SESSION_TO_PARENT);
can lead to a NULL deref.  Thanks to Robert for finding this.

Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Reported-by: Robert Święcki <robert@swiecki.net>
Cc: David Howells <dhowells@redhat.com>
---
 security/keys/process_keys.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 6c0480d..92a3a5d 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -847,6 +847,7 @@ void key_replace_session_keyring(void)
 	new-> sgid	= old-> sgid;
 	new->fsgid	= old->fsgid;
 	new->user	= get_uid(old->user);
+	new->user_ns	= new->user->user_ns;
 	new->group_info	= get_group_info(old->group_info);
 
 	new->securebits	= old->securebits;
-- 
1.7.0.4


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] Set cred->user_ns in key_replace_session_keyring
  2011-05-26 20:25 [PATCH] Set cred->user_ns in key_replace_session_keyring Serge E. Hallyn
@ 2011-05-26 20:31 ` Linus Torvalds
  2011-05-26 20:38   ` Serge E. Hallyn
  0 siblings, 1 reply; 5+ messages in thread
From: Linus Torvalds @ 2011-05-26 20:31 UTC (permalink / raw)
  To: Serge E. Hallyn; +Cc: Robert Święcki, David Howells, lkml

Shouldn't this also be "Cc: stable" for 2.6.39?

Bug introduced by commit 47a150edc2a, no?

                Linus

On Thu, May 26, 2011 at 1:25 PM, Serge E. Hallyn <serge@hallyn.com> wrote:
> Since this cred was not created with copy_creds(), it needs to get
> initialized.  Otherwise use of syscall(__NR_keyctl, KEYCTL_SESSION_TO_PARENT);
> can lead to a NULL deref.  Thanks to Robert for finding this.
>
> Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
> Reported-by: Robert Święcki <robert@swiecki.net>
> Cc: David Howells <dhowells@redhat.com>
> ---
>  security/keys/process_keys.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> index 6c0480d..92a3a5d 100644
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -847,6 +847,7 @@ void key_replace_session_keyring(void)
>        new-> sgid      = old-> sgid;
>        new->fsgid      = old->fsgid;
>        new->user       = get_uid(old->user);
> +       new->user_ns    = new->user->user_ns;
>        new->group_info = get_group_info(old->group_info);
>
>        new->securebits = old->securebits;
> --
> 1.7.0.4
>
>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] Set cred->user_ns in key_replace_session_keyring
  2011-05-26 20:31 ` Linus Torvalds
@ 2011-05-26 20:38   ` Serge E. Hallyn
  2011-05-26 20:40     ` Linus Torvalds
  0 siblings, 1 reply; 5+ messages in thread
From: Serge E. Hallyn @ 2011-05-26 20:38 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Serge E. Hallyn, Robert Święcki, David Howells, lkml, stable

Quoting Linus Torvalds (torvalds@linux-foundation.org):
> Shouldn't this also be "Cc: stable" for 2.6.39?
> 
> Bug introduced by commit 47a150edc2a, no?

Yup, introduced there.

Stable/whoever, should I re-send this patch separately, or does this suffice?

thanks,
-serge

>                 Linus
> 
> On Thu, May 26, 2011 at 1:25 PM, Serge E. Hallyn <serge@hallyn.com> wrote:
> > Since this cred was not created with copy_creds(), it needs to get
> > initialized.  Otherwise use of syscall(__NR_keyctl, KEYCTL_SESSION_TO_PARENT);
> > can lead to a NULL deref.  Thanks to Robert for finding this.
> >
> > Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
> > Reported-by: Robert Święcki <robert@swiecki.net>
> > Cc: David Howells <dhowells@redhat.com>
> > ---
> >  security/keys/process_keys.c |    1 +
> >  1 files changed, 1 insertions(+), 0 deletions(-)
> >
> > diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> > index 6c0480d..92a3a5d 100644
> > --- a/security/keys/process_keys.c
> > +++ b/security/keys/process_keys.c
> > @@ -847,6 +847,7 @@ void key_replace_session_keyring(void)
> >        new-> sgid      = old-> sgid;
> >        new->fsgid      = old->fsgid;
> >        new->user       = get_uid(old->user);
> > +       new->user_ns    = new->user->user_ns;
> >        new->group_info = get_group_info(old->group_info);
> >
> >        new->securebits = old->securebits;
> > --
> > 1.7.0.4
> >
> >

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] Set cred->user_ns in key_replace_session_keyring
  2011-05-26 20:38   ` Serge E. Hallyn
@ 2011-05-26 20:40     ` Linus Torvalds
  2011-05-27  0:04       ` Serge E. Hallyn
  0 siblings, 1 reply; 5+ messages in thread
From: Linus Torvalds @ 2011-05-26 20:40 UTC (permalink / raw)
  To: Serge E. Hallyn; +Cc: Robert Święcki, David Howells, lkml, stable

On Thu, May 26, 2011 at 1:38 PM, Serge E. Hallyn <serge@hallyn.com> wrote:
>
> Stable/whoever, should I re-send this patch separately, or does this suffice?

I'll add the Cc and update the description to point to the commit it
was introduced in, and it will all be fine. Then the stable team will
get it automatically when I push out.

                          Linus

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] Set cred->user_ns in key_replace_session_keyring
  2011-05-26 20:40     ` Linus Torvalds
@ 2011-05-27  0:04       ` Serge E. Hallyn
  0 siblings, 0 replies; 5+ messages in thread
From: Serge E. Hallyn @ 2011-05-27  0:04 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Serge E. Hallyn, Robert Święcki, David Howells, lkml, stable

Quoting Linus Torvalds (torvalds@linux-foundation.org):
> On Thu, May 26, 2011 at 1:38 PM, Serge E. Hallyn <serge@hallyn.com> wrote:
> >
> > Stable/whoever, should I re-send this patch separately, or does this suffice?
> 
> I'll add the Cc and update the description to point to the commit it
> was introduced in, and it will all be fine. Then the stable team will
> get it automatically when I push out.
> 
>                           Linus

Thanks very much.  (I see now)

-serge

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-05-27  0:04 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-05-26 20:25 [PATCH] Set cred->user_ns in key_replace_session_keyring Serge E. Hallyn
2011-05-26 20:31 ` Linus Torvalds
2011-05-26 20:38   ` Serge E. Hallyn
2011-05-26 20:40     ` Linus Torvalds
2011-05-27  0:04       ` Serge E. Hallyn

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.