Re: [PATCH] Set cred->user_ns in key_replace_session_keyring
From: Linus Torvalds
Date: Thu May 26 2011 - 16:32:50 EST
Shouldn't this also be "Cc: stable" for 2.6.39?
Bug introduced by commit 47a150edc2a, no?
Linus
On Thu, May 26, 2011 at 1:25 PM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote:
> Since this cred was not created with copy_creds(), it needs to get
> initialized. ÂOtherwise use of syscall(__NR_keyctl, KEYCTL_SESSION_TO_PARENT);
> can lead to a NULL deref. ÂThanks to Robert for finding this.
>
> Signed-off-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> Reported-by: Robert ÅwiÄcki <robert@xxxxxxxxxxx>
> Cc: David Howells <dhowells@xxxxxxxxxx>
> ---
> Âsecurity/keys/process_keys.c | Â Â1 +
> Â1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> index 6c0480d..92a3a5d 100644
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -847,6 +847,7 @@ void key_replace_session_keyring(void)
>    Ânew-> sgid   Â= old-> sgid;
>    Ânew->fsgid   Â= old->fsgid;
>    Ânew->user    = get_uid(old->user);
> +    new->user_ns  Â=Ânew->user->user_ns;
> Â Â Â Ânew->group_info = get_group_info(old->group_info);
>
> Â Â Â Ânew->securebits = old->securebits;
> --
> 1.7.0.4
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/