mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
50 lines
1.5 KiB
Diff
50 lines
1.5 KiB
Diff
|
From 44d6e10f77095133e3882529a16b686b2305e6b0 Mon Sep 17 00:00:00 2001
|
||
|
From: David Howells <dhowells@redhat.com>
|
||
|
Date: Tue, 18 Apr 2017 15:31:08 +0100
|
||
|
Subject: KEYS: Change the name of the dead type to ".dead" to prevent user
|
||
|
access
|
||
|
|
||
|
commit c1644fe041ebaf6519f6809146a77c3ead9193af upstream.
|
||
|
|
||
|
This fixes CVE-2017-6951.
|
||
|
|
||
|
Userspace should not be able to do things with the "dead" key type as it
|
||
|
doesn't have some of the helper functions set upon it that the kernel
|
||
|
needs. Attempting to use it may cause the kernel to crash.
|
||
|
|
||
|
Fix this by changing the name of the type to ".dead" so that it's rejected
|
||
|
up front on userspace syscalls by key_get_type_from_user().
|
||
|
|
||
|
Though this doesn't seem to affect recent kernels, it does affect older
|
||
|
ones, certainly those prior to:
|
||
|
|
||
|
commit c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81
|
||
|
Author: David Howells <dhowells@redhat.com>
|
||
|
Date: Tue Sep 16 17:36:06 2014 +0100
|
||
|
KEYS: Remove key_type::match in favour of overriding default by match_preparse
|
||
|
|
||
|
which went in before 3.18-rc1.
|
||
|
|
||
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
||
|
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
---
|
||
|
security/keys/gc.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/security/keys/gc.c b/security/keys/gc.c
|
||
|
index addf060..9cb4fe4 100644
|
||
|
--- a/security/keys/gc.c
|
||
|
+++ b/security/keys/gc.c
|
||
|
@@ -46,7 +46,7 @@ static unsigned long key_gc_flags;
|
||
|
* immediately unlinked.
|
||
|
*/
|
||
|
struct key_type key_type_dead = {
|
||
|
- .name = "dead",
|
||
|
+ .name = ".dead",
|
||
|
};
|
||
|
|
||
|
/*
|
||
|
--
|
||
|
cgit v1.1
|
||
|
|