CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)

This commit is contained in:
Josh Boyer 2013-03-07 07:56:22 -05:00
parent 2ff05084e6
commit 4bd0ec95ad
2 changed files with 25 additions and 1 deletions

View File

@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and # For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
# #
%global baserelease 4 %global baserelease 5
%global fedora_build %{baserelease} %global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching # base_sublevel is the kernel version we're starting with and patching
@ -742,6 +742,9 @@ Patch21265: efi-fixes.patch
#rhbz 918408 #rhbz 918408
Patch21266: x86-bootparams-dont-clear-efi_info.patch Patch21266: x86-bootparams-dont-clear-efi_info.patch
# CVE-2013-1792 rhbz 916646,919021
Patch21267: keys-fix-race-with-concurrent-install_user_keyrings.patch
Patch22000: weird-root-dentry-name-debug.patch Patch22000: weird-root-dentry-name-debug.patch
#selinux ptrace child permissions #selinux ptrace child permissions
@ -1441,6 +1444,9 @@ ApplyPatch intel_pstate-Fix-intel_pstate_init-error-path.patch
#rhbz 917984 #rhbz 917984
ApplyPatch efi-fixes.patch ApplyPatch efi-fixes.patch
# CVE-2013-1792 rhbz 916646,919021
ApplyPatch keys-fix-race-with-concurrent-install_user_keyrings.patch
# END OF PATCH APPLICATIONS # END OF PATCH APPLICATIONS
%endif %endif
@ -2282,6 +2288,9 @@ fi
# ||----w | # ||----w |
# || || # || ||
%changelog %changelog
* Thu Mar 07 2013 Josh Boyer <jwboyer@redhat.com>
- CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
* Wed Mar 06 2013 Josh Boyer <jwboyer@redhat.com> * Wed Mar 06 2013 Josh Boyer <jwboyer@redhat.com>
- Adjust secure-boot patchset to work with boot_params sanitizing - Adjust secure-boot patchset to work with boot_params sanitizing
- Don't clear efi_info in boot_params (rhbz 918408) - Don't clear efi_info in boot_params (rhbz 918408)

View File

@ -0,0 +1,15 @@
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 58dfe08..c5ec083 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -57,7 +57,7 @@ int install_user_keyrings(void)
kenter("%p{%u}", user, uid);
- if (user->uid_keyring) {
+ if (user->uid_keyring && user->session_keyring) {
kleave(" = 0 [exist]");
return 0;
}