android_kernel_google_msm/security
Eric Biggers 5c6321cec0 KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
commit c9f838d104fed6f2f61d68164712e3204bf5271b upstream.

This fixes CVE-2017-7472.

Running the following program as an unprivileged user exhausts kernel
memory by leaking thread keyrings:

	#include <keyutils.h>

	int main()
	{
		for (;;)
			keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING);
	}

Fix it by only creating a new thread keyring if there wasn't one before.
To make things more consistent, make install_thread_keyring_to_cred()
and install_process_keyring_to_cred() both return 0 if the corresponding
keyring is already present.

Fixes: d84f4f992c ("CRED: Inaugurate COW credentials")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Change-Id: Ia3db89c6c54fdd0e13b857e6f92bfddd8c033ae2
(cherry picked from commit 6efda2501976288f10895834ba2782d0df093441)
2017-05-19 18:40:58 -06:00
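
The reference leak described in the commit message above, as a userspace C model added here for illustration; it is not kernel code and not part of the commit. The struct and function names echo the kernel's, but their bodies, the `fixed` flag and the `leaked_after()` helper are simplified assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: names echo the kernel's, bodies are simplified. */
struct keyring { int usage; };
struct cred { struct keyring *thread_keyring; };
static long live_keyrings;              /* keyrings currently allocated */

static struct keyring *keyring_alloc(void) {
    struct keyring *k = calloc(1, sizeof(*k));
    if (!k) abort();
    k->usage = 1; live_keyrings++;
    return k;
}
static void key_put(struct keyring *k) {
    if (k && --k->usage == 0) { free(k); live_keyrings--; }
}
/* Copy-on-write credentials: the copy takes its own keyring reference. */
static struct cred *prepare_creds(const struct cred *old) {
    struct cred *new = calloc(1, sizeof(*new));
    if (!new) abort();
    new->thread_keyring = old->thread_keyring;
    if (new->thread_keyring) new->thread_keyring->usage++;
    return new;
}
static void put_cred(struct cred *c) { key_put(c->thread_keyring); free(c); }

static int install_thread_keyring_to_cred(struct cred *new, int fixed) {
    if (fixed && new->thread_keyring)
        return 0;                          /* fixed: keyring already present */
    new->thread_keyring = keyring_alloc(); /* unfixed: old reference is lost */
    return 0;
}

/* Keyrings still allocated after `calls` requests and the final put_cred(). */
long leaked_after(long calls, int fixed) {
    struct cred *cur = calloc(1, sizeof(*cur));
    if (!cur) abort();
    live_keyrings = 0;
    for (long i = 0; i < calls; i++) {
        struct cred *new = prepare_creds(cur);
        install_thread_keyring_to_cred(new, fixed);
        put_cred(cur);                  /* models commit_creds() dropping old */
        cur = new;
    }
    put_cred(cur);
    return live_keyrings;
}

int main(void) {
    printf("unfixed: %ld leaked, fixed: %ld leaked\n", leaked_after(1000, 0), leaked_after(1000, 1));
    return 0;
}
```

In the unfixed path every call after the first strands one keyring whose reference count can never reach zero, which is why the loop in the commit message grows kernel memory without bound.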
apparmor nick kvfree() from apparmor 2014-11-18 15:13:23 -08:00
integrity security: fix ima kconfig warning 2012-02-28 11:01:15 +11:00
keys KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings 2017-05-19 18:40:58 -06:00
selinux UPSTREAM: selinux: fix bug in conditional rules handling 2016-10-29 23:12:41 +08:00
smack consitify do_mount() arguments 2015-07-13 11:17:52 -07:00
tomoyo consitify do_mount() arguments 2015-07-13 11:17:52 -07:00
yama Yama: add PR_SET_PTRACER_ANY 2012-02-16 10:25:18 +11:00
capability.c consitify do_mount() arguments 2015-07-13 11:17:52 -07:00
commoncap.c Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2014-10-31 19:46:07 -07:00
device_cgroup.c cgroup: remove cgroup_subsys argument from callbacks 2012-02-02 09:20:22 -08:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig FROMLIST: security,perf: Allow further restriction of perf_event_open 2016-06-20 19:00:29 +00:00
lsm_audit.c security: lsm_audit: add ioctl specific auditing 2015-04-20 09:42:31 -07:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c consitify do_mount() arguments 2015-07-13 11:17:52 -07:00