[kernel/f17] CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
Josh Boyer
jwboyer at fedoraproject.org
Thu Mar 7 12:59:09 UTC 2013
commit 86ce060b468608716193d685392f08030626b367
Author: Josh Boyer <jwboyer at redhat.com>
Date: Thu Mar 7 07:56:22 2013 -0500
CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
kernel.spec | 9 +++++++++
...ace-with-concurrent-install_user_keyrings.patch | 15 +++++++++++++++
2 files changed, 24 insertions(+), 0 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 8923a71..c88ffab 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -738,6 +738,9 @@ Patch22264: efi-fixes-3.8.patch
#rhbz 918512 918521
Patch22265: crypto-user-fix-info-leaks-in-report-API.patch
+# CVE-2013-1792 rhbz 916646,919021
+Patch22266: keys-fix-race-with-concurrent-install_user_keyrings.patch
+
#rhbz 812111
Patch24000: alps.patch
@@ -1452,6 +1455,9 @@ ApplyPatch userns-avoid-recursion-in-put_user_ns.patch
#rhbz 859346
ApplyPatch fix-destroy_conntrack-GPF.patch
+# CVE-2013-1792 rhbz 916646,919021
+ApplyPatch keys-fix-race-with-concurrent-install_user_keyrings.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2308,6 +2314,9 @@ fi
# '-' | |
# '-'
%changelog
+* Thu Mar 07 2013 Josh Boyer <jwboyer at redhat.com>
+- CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
+
* Wed Mar 06 2013 Justin M. Forbes <jforbes at redhat.com>
- Remove Ricoh multifunction DMAR patch as it's no longer needed (rhbz 880051)
- Fix destroy_conntrack GPF (rhbz 859346)
diff --git a/keys-fix-race-with-concurrent-install_user_keyrings.patch b/keys-fix-race-with-concurrent-install_user_keyrings.patch
new file mode 100644
index 0000000..ba7b30a
--- /dev/null
+++ b/keys-fix-race-with-concurrent-install_user_keyrings.patch
@@ -0,0 +1,15 @@
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index 58dfe08..c5ec083 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -57,7 +57,7 @@ int install_user_keyrings(void)
+
+ kenter("%p{%u}", user, uid);
+
+- if (user->uid_keyring) {
++ if (user->uid_keyring && user->session_keyring) {
+ kleave(" = 0 [exist]");
+ return 0;
+ }
+
+
\ No newline at end of file
More information about the scm-commits
mailing list