evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/security/keys
History
Eric Biggers 52f6c8da89 KEYS: restrict /proc/keys by credentials at open time 
commit 4aa68e07d845562561f5e73c04aa521376e95252 upstream.

When checking for permission to view keys whilst reading from
/proc/keys, we should use the credentials with which the /proc/keys file
was opened.  This is because, in a classic type of exploit, it can be
possible to bypass checks for the *current* credentials by passing the
file descriptor to a suid program.

Following commit 34dbbcdbf633 ("Make file credentials available to the
seqfile interfaces") we can finally fix it.  So let's do it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-23 08:44:29 +01:00
..
encrypted-keys KEYS: encrypted: fix buffer overread in valid_master_desc() 2018-02-16 20:09:38 +01:00
big_key.c KEYS: Fix race between updating and finding a negative key 2017-10-27 10:23:18 +02:00
compat.c switch keyctl_instantiate_key_common() to iov_iter 2015-04-11 22:27:12 -04:00
gc.c KEYS: Fix race between updating and finding a negative key 2017-10-27 10:23:18 +02:00
internal.h KEYS: prevent creating a different user's keyrings 2017-10-05 09:41:45 +02:00
Kconfig security/keys: add CONFIG_KEYS_COMPAT to Kconfig 2017-11-18 11:11:07 +01:00
key.c KEYS: allow reaching the keys quotas exactly 2019-03-23 08:44:15 +01:00
keyctl.c KEYS: Fix race between updating and finding a negative key 2017-10-27 10:23:18 +02:00
keyring.c KEYS: always initialize keyring_index_key::desc_len 2019-03-23 08:44:17 +01:00
Makefile KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches 2013-09-24 10:35:19 +01:00
permission.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
persistent.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
proc.c KEYS: restrict /proc/keys by credentials at open time 2019-03-23 08:44:29 +01:00
process_keys.c KEYS: put keyring if install_session_keyring_to_cred() fails 2018-11-10 07:41:34 -08:00
request_key.c KEYS: always initialize keyring_index_key::desc_len 2019-03-23 08:44:17 +01:00
request_key_auth.c KEYS: always initialize keyring_index_key::desc_len 2019-03-23 08:44:17 +01:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c KEYS: trusted: fix writing past end of buffer in trusted_read() 2017-11-15 17:13:11 +01:00
trusted.h keys, trusted: move struct trusted_key_options to trusted-type.h 2015-10-19 01:01:21 +02:00
user_defined.c KEYS: Fix race between updating and finding a negative key 2017-10-27 10:23:18 +02:00