Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set (rhbz 1301099)

2016-01-27 09:26:32 -06:00 · 2016-01-27 09:26:32 -06:00 · 62d6d340df
parent 04cf44e3c8
commit 62d6d340df
2 changed files with 58 additions and 1 deletions
--- a/KEYS-only-apply-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch
+++ b/KEYS-only-apply-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch
@ -0,0 +1,51 @@
+From 7707055082a7005ad94ba81e5240644db8c0324a
+From: David Howells <dhowells@redhat.com>
+Date:   Tue Jan 26 16:28:17 2016 +0000
+Subject: [PATCH] KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set
+
+    KEY_FLAG_KEEP should only be applied to a key if the keyring it is being
+    linked into has KEY_FLAG_KEEP set.
+    
+    To this end, partially revert the following patch:
+    
+    	commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0
+    	Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
+    	Date:   Thu Jan 7 07:46:36 2016 -0500
+    	KEYS: refcount bug fix
+    
+    to undo the change that made it unconditional (Mimi got it right the first
+    time).
+    
+    Without undoing this change, it becomes impossible to delete, revoke or
+    invalidate keys added to keyrings through __key_instantiate_and_link()
+    where the keyring has itself been linked to.  To test this, run the
+    following command sequence:
+    
+        keyctl newring foo @s
+        keyctl add user a a %:foo
+        keyctl unlink %user:a %:foo
+        keyctl clear %:foo
+    
+    With the commit mentioned above the third and fourth commands fail with
+    EPERM when they should succeed.
+    
+    Reported-by: Stephen Gallager <sgallagh@redhat.com>
+    Signed-off-by: David Howells <dhowells@redhat.com>
+    cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
+    cc: keyrings@vger.kernel.org
+    cc: stable@vger.kernel.org
+
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 07a87311055c..09ef276c4bdc 100644
+--- a/security/keys/key.c
+++ b/security/keys/key.c
+@@ -430,7 +430,8 @@ static int __key_instantiate_and_link(struct key *key,
+ 
+ 			/* and link it into the destination keyring */
+ 			if (keyring) {
+-				set_bit(KEY_FLAG_KEEP, &key->flags);
+				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
+					set_bit(KEY_FLAG_KEEP, &key->flags);
+ 
+ 				__key_link(key, _edit);
+ 			}
--- a/kernel.spec
+++ b/kernel.spec
@ -40,7 +40,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 1
+%global baserelease 2
 %global fedora_build %{baserelease}

 # base_sublevel is the kernel version we're starting with and patching
@ -605,6 +605,9 @@ Patch640: PNP-Add-Haswell-ULT-to-Intel-MCH-size-workaround.patch
 #Required for some persistent memory options
 Patch641: disable-CONFIG_EXPERT-for-ZONE_DMA.patch

+#rhbz 1301099
+Patch642: KEYS-only-apply-KEY_FLAG_KEEP-to-a-key-if-a-parent.patch
+
 # END OF PATCH DEFINITIONS

 %endif
@ -2050,6 +2053,9 @@ fi
 #
 # 
 %changelog
+* Wed Jan 27 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.5.0-0.rc1.git0.2
+- Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set (rhbz 1301099)
+
 * Mon Jan 25 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.5.0-0.rc1.git0.1
 - Disable debugging options.
 - Linux v4.5-rc1