[kernel] r12288 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Bastian Blank
waldi at alioth.debian.org
Mon Oct 6 16:47:45 UTC 2008
Author: waldi
Date: Mon Oct 6 16:47:42 2008
New Revision: 12288
Log:
Fix access to uninitialized user keyring.
* debian/changelog: Update.
* debian/patches/bugfix/all/security-keys-init-user-keyring.patch: Add.
* debian/patches/series/8: Add new patch.
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/security-keys-init-user-keyring.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/8
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Mon Oct 6 16:47:42 2008
@@ -4,7 +4,8 @@
* [x86] Fix broken LDT access in VMI (CVE-2008-4410)
[ Bastian Blank ]
- * [i386] Restrict the usage of long NOPs.
+ * [i386] Restrict the usage of long NOPs. (closes: #464962)
+ * Fix access to uninitialized user keyring. (closes: #500279)
-- dann frazier <dannf at debian.org> Fri, 03 Oct 2008 17:38:31 -0600
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/security-keys-init-user-keyring.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/security-keys-init-user-keyring.patch Mon Oct 6 16:47:42 2008
@@ -0,0 +1,40 @@
+diff --git a/security/keys/internal.h b/security/keys/internal.h
+index 8c05587..2bdfacc 100644
+--- a/security/keys/internal.h
++++ b/security/keys/internal.h
+@@ -108,6 +108,7 @@ extern key_ref_t search_process_keyrings(struct key_type *type,
+
+ extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
+
++extern int install_user_keyrings(struct task_struct *tsk);
+ extern int install_thread_keyring(struct task_struct *tsk);
+ extern int install_process_keyring(struct task_struct *tsk);
+
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index 5be6d01..45b240a 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -40,7 +40,7 @@ struct key_user root_key_user = {
+ /*
+ * install user and user session keyrings for a particular UID
+ */
+-static int install_user_keyrings(struct task_struct *tsk)
++int install_user_keyrings(struct task_struct *tsk)
+ {
+ struct user_struct *user = tsk->user;
+ struct key *uid_keyring, *session_keyring;
+diff --git a/security/keys/request_key.c b/security/keys/request_key.c
+index ba32ca6..abea08f 100644
+--- a/security/keys/request_key.c
++++ b/security/keys/request_key.c
+@@ -74,6 +74,10 @@ static int call_sbin_request_key(struct key_construction *cons,
+
+ kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
+
++ ret = install_user_keyrings(tsk);
++ if (ret < 0)
++ goto error_alloc;
++
+ /* allocate a new session keyring */
+ sprintf(desc, "_req.%u", key->serial);
+
Modified: dists/sid/linux-2.6/debian/patches/series/8
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/8 (original)
+++ dists/sid/linux-2.6/debian/patches/series/8 Mon Oct 6 16:47:42 2008
@@ -1,2 +1,3 @@
+ bugfix/x86/fix-broken-LDT-access-in-VMI.patch
+ bugfix/x86/restrict-long-nops.patch
++ bugfix/all/security-keys-init-user-keyring.patch
More information about the Kernel-svn-changes
mailing list