MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2026-04-21 07:30:16 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
git.kernel.org/linux-stable/linux-3.12.y
linux-imx/security
History
Eric Biggers e5b32c157b KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings 
commit c9f838d104 upstream.

This fixes CVE-2017-7472.

Running the following program as an unprivileged user exhausts kernel
memory by leaking thread keyrings:

	#include <keyutils.h>

	int main()
	{
		for (;;)
			keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING);
	}

Fix it by only creating a new thread keyring if there wasn't one before.
To make things more consistent, make install_thread_keyring_to_cred()
and install_process_keyring_to_cred() both return 0 if the corresponding
keyring is already present.

Fixes: d84f4f992c ("CRED: Inaugurate COW credentials")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2017-05-09 08:19:32 +02:00
..
apparmor apparmor: do not expose kernel stack 2017-01-27 11:16:15 +01:00
integrity EVM: Use crypto_memneq() for digest comparisons 2016-04-23 09:24:43 +02:00
keys KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings 2017-05-09 08:19:32 +02:00
selinux selinux: fix off-by-one in setprocattr 2017-02-16 11:44:42 +01:00
smack Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-09-07 14:34:07 -07:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama security: let security modules use PTRACE_MODE_* with bitmasks 2016-10-07 13:10:20 +02:00
capability.c xattr: Constify ->name member of "struct xattr". 2013-07-25 19:30:03 +10:00
commoncap.c ptrace: use fsuid, fsgid, effective creds for fs access checks 2016-02-24 10:23:22 +01:00
device_cgroup.c device_cgroup: check if exception removal is allowed 2014-06-09 15:53:24 +02:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c lsm: copy comm before calling audit_log to avoid race in string printing 2015-06-10 15:20:26 +02:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c xattr: Constify ->name member of "struct xattr". 2013-07-25 19:30:03 +10:00