lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2499883.1620730214@warthog.procyon.org.uk>
Date:   Tue, 11 May 2021 11:50:14 +0100
From:   David Howells <dhowells@...hat.com>
To:     Yang Li <yang.lee@...ux.alibaba.com>
Cc:     dhowells@...hat.com, jarkko@...nel.org, jmorris@...ei.org,
        serge@...lyn.com, nathan@...nel.org, ndesaulniers@...gle.com,
        keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com
Subject: Re: [PATCH] Keys: Remove redundant initialization of cred

Yang Li <yang.lee@...ux.alibaba.com> wrote:

> -	const struct cred *cred = current_cred();
> +	const struct cred *cred;

Good catch, but it's probably the wrong fix.

In that function, there is:

	const struct cred *cred = current_cred();
	...
	cred = get_current_cred();
	keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, ...);
	put_cred(cred);
	...
	sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
	...

So we get the creds again, but with a ref, and then drop after calling
keyring_alloc()... and then access cred again, which is dodgy - but we get
away with it because cred is still pinned by our task_struct.

I think what is actually needed is to remove the get_current_cred() and the
put_cred() calls, in which case, you want this:

	Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials")

David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ