From 20c23beaf620e8b47f81f651ffbbd09f88701fae Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 23 Sep 2014 11:57:30 -0400 Subject: [PATCH] Fix return code when adding keys (rhbz 1145318) --- ...PERM-for-a-key-type-name-beginning-w.patch | 45 +++++++++++++++++++ kernel.spec | 7 +++ 2 files changed, 52 insertions(+) create mode 100644 KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch diff --git a/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch b/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch new file mode 100644 index 000000000..ae6bcf543 --- /dev/null +++ b/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch @@ -0,0 +1,45 @@ +From e6291fa2e457abd3ffc00855244bdff976b4134b Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Tue, 16 Sep 2014 17:29:03 +0100 +Subject: [PATCH] KEYS: Reinstate EPERM for a key type name beginning with a + '.' + +Reinstate the generation of EPERM for a key type name beginning with a '.' in +a userspace call. Types whose name begins with a '.' are internal only. + +The test was removed by: + + commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d + Author: Mimi Zohar + Date: Thu May 22 14:02:23 2014 -0400 + Subject: KEYS: special dot prefixed keyring name bug fix + +I think we want to keep the restriction on type name so that userspace can't +add keys of a special internal type. + +Note that removal of the test causes several of the tests in the keyutils +testsuite to fail. + +Signed-off-by: David Howells +Acked-by: Vivek Goyal +cc: Mimi Zohar +--- + security/keys/keyctl.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c +index e26f860e5f2e..eff88a5f5d40 100644 +--- a/security/keys/keyctl.c ++++ b/security/keys/keyctl.c +@@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type, + return ret; + if (ret == 0 || ret >= len) + return -EINVAL; ++ if (type[0] == '.') ++ return -EPERM; + type[len - 1] = '\0'; + return 0; + } +-- +1.9.3 + 
diff --git a/kernel.spec b/kernel.spec index a0e2dd5f1..ebec7132d 100644 --- a/kernel.spec +++ b/kernel.spec @@ -621,6 +621,9 @@ Patch26022: x86-efi-Delete-misleading-efi_printk-error-message.patch #rhbz 1123584 Patch26028: HID-rmi-check-sanity-of-incoming-report.patch +#rhbz 1145318 +Patch26029: KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch + # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel Patch30000: kernel-arm64.patch @@ -1353,6 +1356,9 @@ ApplyPatch x86-efi-Delete-misleading-efi_printk-error-message.patch #rhbz 1123584 ApplyPatch HID-rmi-check-sanity-of-incoming-report.patch +#rhbz 1145318 +ApplyPatch KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch + %if 0%{?aarch64patches} ApplyPatch kernel-arm64.patch %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does. @@ -2222,6 +2228,7 @@ fi # || || %changelog * Tue Sep 23 2014 Josh Boyer +- Fix return code when adding keys (rhbz 1145318) - Add patch to fix XPS 13 touchpad issue (rhbz 1123584) * Tue Sep 23 2014 Josh Boyer - 3.17.0-0.rc6.git1.1
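Review bot: The new `if (type[0] == '.') return -EPERM;` test in the key_get_type_from_user() hunk of the embedded keyctl.c patch carries no comment explaining why a leading dot is refused. The commit message notes that this same test was already removed once, by commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d. A one-line comment above the test, saying that type names beginning with '.' are internal only and must not be selectable from a userspace call, would make the intent visible to the next person who touches this function. The placement itself looks right: the preceding `ret == 0 || ret >= len` check has already rejected an empty copy, so `type[0]` is populated when it is read. It also means a name that is both over-long and dot-prefixed returns -EINVAL rather than -EPERM, which is worth confirming against what the keyutils testsuite expects.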
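Review bot: The %changelog line added in the last kernel.spec hunk, "Fix return code when adding keys (rhbz 1145318)", undersells the change. The applied patch restores a restriction that keeps userspace from adding keys of a dot-prefixed internal type, and someone scanning the changelog for security-relevant fixes would not find it under that wording. Consider something closer to the upstream subject, for example "Reinstate EPERM for key type names beginning with '.' (rhbz 1145318)". The Patch26029 and ApplyPatch additions in the other two hunks use the same filename and the same rhbz comment, so those are consistent.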