| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Apr 2017 17:11:57 +0100
From: David Howells <dhowells@...hat.com>
To: jmorris@...ei.org
Cc: dhowells@...hat.com, keyrings@...r.kernel.org,
torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org,
linux-security-modules@...r.kernel.org
Subject: [PATCH 0/3] KEYS: Fixes
Hi James,
Can you pass these patches onto Linus, please?
(1) Disallow keyrings whose name begins with a '.' to be joined
[CVE-2016-9604].
(2) Change the name of the dead type to ".dead" to prevent user access
[CVE-2017-6951].
(3) Fix keyctl_set_reqkey_keyring() to not leak thread keyrings
[CVE-2017-7472].
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
Tagged thusly:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
keys-fixes-20170419
David
---
David Howells (2):
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
Eric Biggers (1):
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
security/keys/gc.c | 2 +-
security/keys/keyctl.c | 20 +++++++++++--------
security/keys/process_keys.c | 44 ++++++++++++++++++++++++++----------------
3 files changed, 39 insertions(+), 27 deletions(-)
Powered by blists - more mailing lists