From 62d6d340dfa5117500a2aec05bf68187958f369b Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes"
Date: Wed, 27 Jan 2016 09:26:32 -0600
Subject: [PATCH] Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set (rhbz 1301099)
---
 ...y-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch | 51 +++++++++++++++++++
 kernel.spec | 8 ++-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 KEYS-only-apply-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch
diff --git a/KEYS-only-apply-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch b/KEYS-only-apply-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch
new file mode 100644
index 000000000..729222997
--- /dev/null
+++ b/KEYS-only-apply-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch
@@ -0,0 +1,51 @@
+From 7707055082a7005ad94ba81e5240644db8c0324a
+From: David Howells
+Date: Tue Jan 26 16:28:17 2016 +0000
+Subject: [PATCH] KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set
+
+ KEY_FLAG_KEEP should only be applied to a key if the keyring it is being
+ linked into has KEY_FLAG_KEEP set.
+
+ To this end, partially revert the following patch:
+
+ commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0
+ Author: Mimi Zohar
+ Date: Thu Jan 7 07:46:36 2016 -0500
+ KEYS: refcount bug fix
+
+ to undo the change that made it unconditional (Mimi got it right the first
+ time).
+
+ Without undoing this change, it becomes impossible to delete, revoke or
+ invalidate keys added to keyrings through __key_instantiate_and_link()
+ where the keyring has itself been linked to. To test this, run the
+ following command sequence:
+
+ keyctl newring foo @s
+ keyctl add user a a %:foo
+ keyctl unlink %user:a %:foo
+ keyctl clear %:foo
+
+ With the commit mentioned above the third and fourth commands fail with
+ EPERM when they should succeed.
+
+ Reported-by: Stephen Gallager
+ Signed-off-by: David Howells
+ cc: Mimi Zohar
+ cc: keyrings@vger.kernel.org
+ cc: stable@vger.kernel.org
+
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 07a87311055c..09ef276c4bdc 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -430,7 +430,8 @@ static int __key_instantiate_and_link(struct key *key,
+
+ /* and link it into the destination keyring */
+ if (keyring) {
+- set_bit(KEY_FLAG_KEEP, &key->flags);
++ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
++ set_bit(KEY_FLAG_KEEP, &key->flags);
+
+ __key_link(key, _edit);
+ }
diff --git a/kernel.spec b/kernel.spec
index b345d7f13..59023550c 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -40,7 +40,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 1
+%global baserelease 2
 %global fedora_build %{baserelease}
 # base_sublevel is the kernel version we're starting with and patching
@@ -605,6 +605,9 @@ Patch640: PNP-Add-Haswell-ULT-to-Intel-MCH-size-workaround.patch
 #Required for some persistent memory options
 Patch641: disable-CONFIG_EXPERT-for-ZONE_DMA.patch
+#rhbz 1301099
+Patch642: KEYS-only-apply-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch
+
 # END OF PATCH DEFINITIONS
 %endif
@@ -2050,6 +2053,9 @@ fi
 #
 #
 %changelog
+* Wed Jan 27 2016 Justin M. Forbes - 4.5.0-0.rc1.git0.2
+- Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set (rhbz 1301099)
+
 * Mon Jan 25 2016 Justin M. Forbes - 4.5.0-0.rc1.git0.1
 - Disable debugging options.
 - Linux v4.5-rc1
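Review bot: The restored `test_bit(KEY_FLAG_KEEP, &keyring->flags)` guard in `__key_instantiate_and_link()` enforces a protection invariant that the only nearby comment, `/* and link it into the destination keyring */`, does not state. Per the description, an earlier change made the flag unconditional, which led to the EPERM regression. I would add a comment directly above the check, for example `/* inherit KEEP only from a keyring that has it; keys in ordinary keyrings must stay unlinkable/revocable */`. The visible lines only ever set the flag on the key and never clear it, so a key instantiated into a KEEP keyring presumably stays protected for its lifetime, which the comment should also say if that is intended. The function body starts and ends outside the embedded hunk, so whether other link paths apply the same conditional inheritance cannot be confirmed from this page and is worth checking. The keyctl sequence in the description would make a ready regression test for this behaviour.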