evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/include
History
Eric Biggers 539255aea8 KEYS: prevent creating a different user's keyrings 
commit 237bbd29f7a049d310d907f4b2716a7feef9abf3 upstream.

It was possible for an unprivileged user to create the user and user
session keyrings for another user.  For example:

    sudo -u '#3000' sh -c 'keyctl add keyring _uid.4000 "" @u
                           keyctl add keyring _uid_ses.4000 "" @u
                           sleep 15' &
    sleep 1
    sudo -u '#4000' keyctl describe @u
    sudo -u '#4000' keyctl describe @us

This is problematic because these "fake" keyrings won't have the right
permissions.  In particular, the user who created them first will own
them and will have full access to them via the possessor permissions,
which can be used to compromise the security of a user's keys:

    -4: alswrv-----v------------  3000     0 keyring: _uid.4000
    -5: alswrv-----v------------  3000     0 keyring: _uid_ses.4000

Fix it by marking user and user session keyrings with a flag
KEY_FLAG_UID_KEYRING.  Then, when searching for a user or user session
keyring by name, skip all keyrings that don't have the flag set.

Fixes: 69664cf16a ("keys: don't generate user and user session keyrings unless they're accessed")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-10-05 09:41:45 +02:00
..
acpi Merge branch 'acpi-pci' 2015-11-07 01:30:10 +01:00
asm-generic cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs 2017-09-07 08:34:09 +02:00
clocksource
crypto crypto: ahash - Fix EINPROGRESS notification callback 2017-04-21 09:30:06 +02:00
drm drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces 2017-04-12 12:38:33 +02:00
dt-bindings ARM: DT updates for v4.4 2015-11-10 15:06:26 -08:00
keys
kvm KVM: arm/arm64: arch_timer: Preserve physical dist. active state on LR.active 2015-11-24 18:07:40 +01:00
linux KEYS: prevent creating a different user's keyrings 2017-10-05 09:41:45 +02:00
math-emu
media videobuf2-core: Check user space planes array in dqbuf 2016-05-04 14:48:50 -07:00
memory
misc
net Revert "net: fix percpu memory leaks" 2017-09-27 11:00:11 +02:00
pcmcia
ras
rdma RDMA/core: Fix incorrect structure packing for booleans 2017-03-12 06:37:29 +01:00
rxrpc
scsi scsi: libiscsi: add lock around task lists to fix list corruption regression 2017-03-26 12:13:19 +02:00
soc ARM: at91: define LPDDR types 2017-03-12 06:37:24 +01:00
sound ALSA: rawmidi: Make snd_rawmidi_transmit() race-free 2016-02-17 12:30:58 -08:00
target iscsi-target: Fix iscsi_np reset hung task during parallel delete 2017-08-16 13:40:28 -07:00
trace tracing: Add #undef to fix compile error 2017-03-18 19:09:57 +08:00
uapi USB: hub: fix SS max number of ports 2017-06-26 07:13:09 +02:00
video drm/imx: Match imx-ipuv3-crtc components using device node in platform data 2016-06-07 18:14:37 -07:00
xen xen: Fix page <-> pfn conversion on 32 bit systems 2016-05-11 11:21:14 +02:00
Kbuild