linux/security
David Howells 879669961b KEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring
____call_usermodehelper() now erases any credentials set by the
subprocess_inf::init() function.  The problem is that commit
17f60a7da1 ("capabilites: allow the application of capability limits
to usermode helpers") creates and commits new credentials with
prepare_kernel_cred() after the call to the init() function.  This wipes
all keyrings after umh_keys_init() is called.

The best way to deal with this is to put the init() call just prior to
the commit_creds() call, and pass the cred pointer to init().  That
means that umh_keys_init() and suchlike can modify the credentials
_before_ they are published and potentially in use by the rest of the
system.

This prevents request_key() from working as it is prevented from passing
the session keyring it set up with the authorisation token to
/sbin/request-key, and so the latter can't assume the authority to
instantiate the key.  This causes the in-kernel DNS resolver to fail
with ENOKEY unconditionally.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Tested-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-17 09:40:48 -07:00
..
apparmor AppArmor: Fix sleep in invalid context from task_setrlimit 2011-06-09 11:46:53 +10:00
integrity/ima ima: remove unnecessary call to ima_must_measure 2011-02-23 16:38:52 -05:00
keys KEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring 2011-06-17 09:40:48 -07:00
selinux Merge branch 'for-linus' of git://git.infradead.org/users/eparis/selinux into for-linus 2011-06-15 09:41:48 +10:00
smack Merge commit 'v2.6.39' into 20110526 2011-05-26 17:20:14 -04:00
tomoyo TOMOYO: Fix oops in tomoyo_mount_acl(). 2011-06-14 15:18:42 +10:00
capability.c SECURITY: Move exec_permission RCU checks into security modules 2011-04-25 10:20:32 -04:00
commoncap.c capabilities: do not special case exec of init 2011-04-04 10:31:06 +10:00
device_cgroup.c cgroups: add per-thread subsystem callbacks 2011-05-26 17:12:34 -07:00
inode.c convert get_sb_single() users 2010-10-29 04:16:28 -04:00
Kconfig security: select correct default LSM_MMAP_MIN_ADDR on ARM. 2011-03-22 09:35:12 +11:00
lsm_audit.c LSM: separate LSM_AUDIT_DATA_DENTRY from LSM_AUDIT_DATA_PATH 2011-04-25 18:14:07 -04:00
Makefile AppArmor: Enable configuring and building of the AppArmor security module 2010-08-02 15:38:34 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c SECURITY: Move exec_permission RCU checks into security modules 2011-04-25 10:20:32 -04:00