| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 May 2021 11:50:14 +0100
From: David Howells <dhowells@...hat.com>
To: Yang Li <yang.lee@...ux.alibaba.com>
Cc: dhowells@...hat.com, jarkko@...nel.org, jmorris@...ei.org,
serge@...lyn.com, nathan@...nel.org, ndesaulniers@...gle.com,
keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com
Subject: Re: [PATCH] Keys: Remove redundant initialization of cred
Yang Li <yang.lee@...ux.alibaba.com> wrote:
> - const struct cred *cred = current_cred();
> + const struct cred *cred;
Good catch, but it's probably the wrong fix.
In that function, there is:
const struct cred *cred = current_cred();
...
cred = get_current_cred();
keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, ...);
put_cred(cred);
...
sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
...
So we get the creds again, but with a ref, and then drop after calling
keyring_alloc()... and then access cred again, which is dodgy - but we get
away with it because cred is still pinned by our task_struct.
I think what is actually needed is to remove the get_current_cred() and the
put_cred() calls, in which case, you want this:
Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")
David
Powered by blists - more mailing lists