leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c1644fe041
linux/security/keys
History
David Howells c1644fe041 KEYS: Change the name of the dead type to ".dead" to prevent user access 
This fixes CVE-2017-6951.

Userspace should not be able to do things with the "dead" key type as it
doesn't have some of the helper functions set upon it that the kernel
needs.  Attempting to use it may cause the kernel to crash.

Fix this by changing the name of the type to ".dead" so that it's rejected
up front on userspace syscalls by key_get_type_from_user().

Though this doesn't seem to affect recent kernels, it does affect older
ones, certainly those prior to:

	commit c06cfb08b8
	Author: David Howells <dhowells@redhat.com>
	Date:   Tue Sep 16 17:36:06 2014 +0100
	KEYS: Remove key_type::match in favour of overriding default by match_preparse

which went in before 3.18-rc1.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: stable@vger.kernel.org
2017-04-18 15:31:39 +01:00
..
encrypted-keys KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00
big_key.c KEYS: Sort out big_key initialisation 2016-10-27 16:03:27 +11:00
compat.c KEYS: Add placeholder for KDF usage with DH 2016-06-03 16:14:34 +10:00
dh.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00
gc.c KEYS: Change the name of the dead type to ".dead" to prevent user access 2017-04-18 15:31:39 +01:00
internal.h sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
Kconfig security/keys: make BIG_KEYS dependent on stdrng. 2016-10-27 16:03:33 +11:00
key.c KEYS: potential uninitialized variable 2016-06-16 17:15:04 -10:00
keyctl.c KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings 2017-04-18 15:31:35 +01:00
keyring.c KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED 2016-04-11 22:44:15 +01:00
Makefile KEYS: Add KEYCTL_DH_COMPUTE command 2016-04-12 19:54:58 +01:00
permission.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c KEYS: Fix short sprintf buffer in /proc/keys show function 2016-10-27 16:03:24 +11:00
process_keys.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h> 2017-03-02 08:42:29 +01:00
request_key_auth.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
request_key.c Make static usermode helper binaries constant 2017-01-19 12:59:45 +01:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00
trusted.h keys, trusted: move struct trusted_key_options to trusted-type.h 2015-10-19 01:01:21 +02:00
user_defined.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00