| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110207152330.3771a11c.akpm@linux-foundation.org> Date: Mon, 7 Feb 2011 15:23:30 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: David Howells <dhowells@...hat.com> Cc: torvalds@...ux-foundation.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Subject: Re: [PATCH 1/2] CRED: Fix BUG() upon security_cred_alloc_blank() failure On Mon, 07 Feb 2011 13:36:10 +0000 David Howells <dhowells@...hat.com> wrote: > In cred_alloc_blank() since 2.6.32, abort_creds(new) is called with > new->security == NULL and new->magic == 0 when security_cred_alloc_blank() > returns an error. As a result, BUG() will be triggered if SELinux is enabled > or CONFIG_DEBUG_CREDENTIALS=y. > > If CONFIG_DEBUG_CREDENTIALS=y, BUG() is called from __invalid_creds() because > cred->magic == 0. Failing that, BUG() is called from selinux_cred_free() > because selinux_cred_free() is not expecting cred->security == NULL. This does > not affect smack_cred_free(), tomoyo_cred_free() or apparmor_cred_free(). > > Fix these bugs by > > (1) Set new->magic before calling security_cred_alloc_blank(). > > (2) Handle null cred->security in creds_are_invalid() and selinux_cred_free(). You don't feel that these two patches should be backported into -stable? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists