[kernel/f18] CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)

Josh Boyer jwboyer at fedoraproject.org
Thu Mar 7 12:59:14 UTC 2013 

commit 2926c94913f8ef1cbf3a6499bc71598b8716cadf
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Thu Mar 7 07:56:22 2013 -0500

    CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)

 kernel.spec                                        |   10 +++++++++-
 ...ace-with-concurrent-install_user_keyrings.patch |   15 +++++++++++++++
 2 files changed, 24 insertions(+), 1 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index a9a0b7f..ec8ad44 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 204
+%global baserelease 205
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -759,6 +759,9 @@ Patch22264: efi-fixes-3.8.patch
 #rhbz 918512 918521
 Patch22265: crypto-user-fix-info-leaks-in-report-API.patch
 
+# CVE-2013-1792 rhbz 916646,919021
+Patch22266: keys-fix-race-with-concurrent-install_user_keyrings.patch
+
 #rhbz 812111
 Patch24000: alps.patch
 
@@ -1483,6 +1486,8 @@ ApplyPatch userns-avoid-recursion-in-put_user_ns.patch
 #rhbz 859346
 ApplyPatch fix-destroy_conntrack-GPF.patch
 
+# CVE-2013-1792 rhbz 916646,919021
+ApplyPatch keys-fix-race-with-concurrent-install_user_keyrings.patch
 
 # END OF PATCH APPLICATIONS
 
@@ -2341,6 +2346,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Thu Mar 07 2013 Josh Boyer <jwboyer at redhat.com>
+- CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
+
 * Wed Mar 06 2013 Justin M. Forbes <jforbes at redhat.com>
 - Remove Ricoh multifunction DMAR patch as it's no longer needed (rhbz 880051)
 - Fix destroy_conntrack GPF (rhbz 859346)
diff --git a/keys-fix-race-with-concurrent-install_user_keyrings.patch b/keys-fix-race-with-concurrent-install_user_keyrings.patch
new file mode 100644
index 0000000..ba7b30a
--- /dev/null
+++ b/keys-fix-race-with-concurrent-install_user_keyrings.patch
@@ -0,0 +1,15 @@
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index 58dfe08..c5ec083 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -57,7 +57,7 @@ int install_user_keyrings(void)
+ 
+ 	kenter("%p{%u}", user, uid);
+ 
+-	if (user->uid_keyring) {
++	if (user->uid_keyring && user->session_keyring) {
+ 		kleave(" = 0 [exist]");
+ 		return 0;
+ 	}
+
+  
\ No newline at end of file

More information about the scm-commits mailing list