remarkable-linux

redonkable

Fork of reMarkable kernel https://github.com/reMarkable/linux

Go to file

Eric Biggers 69d5894ce0 KEYS: add missing permission check for request_key() destination commit `4dca6ea1d9` upstream. When the request_key() syscall is not passed a destination keyring, it links the requested key (if constructed) into the "default" request-key keyring. This should require Write permission to the keyring. However, there is actually no permission check. This can be abused to add keys to any keyring to which only Search permission is granted. This is because Search permission allows joining the keyring. keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_SESSION_KEYRING) then will set the default request-key keyring to the session keyring. Then, request_key() can be used to add keys to the keyring. Both negatively and positively instantiated keys can be added using this method. Adding negative keys is trivial. Adding a positive key is a bit trickier. It requires that either /sbin/request-key positively instantiates the key, or that another thread adds the key to the process keyring at just the right time, such that request_key() misses it initially but then finds it in construct_alloc_key(). Fix this bug by checking for Write permission to the keyring in construct_get_dest_keyring() when the default keyring is being used. We don't do the permission check for non-default keyrings because that was already done by the earlier call to lookup_user_key(). Also, request_key_and_link() is currently passed a 'struct key *' rather than a key_ref_t, so the "possessed" bit is unavailable. We also don't do the permission check for the "requestor keyring", to continue to support the use case described by commit `8bbf4976b5` ("KEYS: Alter use of key instantiation link-to-keyring argument") where /sbin/request-key recursively calls request_key() to add keys to the original requestor's destination keyring. (I don't know of any users who actually do that, though...) Fixes: `3e30148c3d` ("[PATCH] Keys: Make request-key create an authorisation key") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2017-12-14 09:52:52 +01:00
Documentation	dt-bindings: timer: renesas, cmt: Fix SoC-specific compatible values	2017-12-10 13:40:41 +01:00
arch	locking/refcounts: Do not force refcount_t usage as GPL-only export	2017-12-10 13:40:45 +01:00
block	block: Fix a race between blk_cleanup_queue() and timeout handling	2017-11-30 08:40:52 +00:00
certs	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
crypto	crypto: skcipher - Fix skcipher_walk_aead_common	2017-12-05 11:26:30 +01:00
drivers	efi/esrt: Use memunmap() instead of kfree() to free the remapping	2017-12-14 09:52:52 +01:00
firmware	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
fs	lockd: lost rollback of set_grace_period() in lockd_down_net()	2017-12-05 11:26:30 +01:00
include	efi: Move some sysfs files to be read-only by root	2017-12-14 09:52:52 +01:00
init	License cleanup: add SPDX license identifiers to some files	2017-11-02 10:04:46 -07:00
ipc	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
kernel	kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y	2017-12-10 13:40:40 +01:00
lib	ASN.1: check for error from ASN1_OP_END__ACT actions	2017-12-14 09:52:52 +01:00
mm	mm, x86/mm: Fix performance regression in get_user_pages_fast()	2017-12-10 13:40:43 +01:00
net	NFC: fix device-allocation error return	2017-11-30 08:40:55 +00:00
samples	License cleanup: add SPDX license identifiers to some files	2017-11-02 10:04:46 -07:00
scripts	scripts: add leaking_addresses.pl	2017-11-06 11:46:42 -08:00
security	KEYS: add missing permission check for request_key() destination	2017-12-14 09:52:52 +01:00
sound	ASoC: sun8i-codec: Set the BCLK divider	2017-11-30 08:40:49 +00:00
tools	hv: kvp: Avoid reading past allocated blocks from KVP file	2017-12-14 09:52:50 +01:00
usr	initramfs: fix initramfs rebuilds w/ compression after disabling	2017-11-03 07:39:19 -07:00
virt	Fixes for interrupt controller emulation in ARM/ARM64 and x86, plus a one-liner	2017-11-04 11:44:55 -07:00
.cocciconfig	scripts: add Linux .cocciconfig for coccinelle	2016-07-22 12:13:39 +02:00
.get_maintainer.ignore	Add hch to .get_maintainer.ignore	2015-08-21 14:30:10 -07:00
.gitattributes	.gitattributes: set git diff driver for C source code files	2016-10-07 18:46:30 -07:00
.gitignore	kbuild: Add support to generate LLVM assembly files	2017-04-25 08:13:52 +09:00
.mailmap	.mailmap: Add Maciej W. Rozycki's Imagination e-mail address	2017-11-10 12:16:15 -08:00
COPYING	…
CREDITS	MAINTAINERS: update TPM driver infrastructure changes	2017-11-09 17:58:40 -08:00
Kbuild	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
Kconfig	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
MAINTAINERS	Merge branch 'akpm' (patches from Andrew)	2017-11-09 18:26:51 -08:00
Makefile	Linux 4.14.5	2017-12-10 13:40:45 +01:00
README	README: add a new README file, pointing to the Documentation/	2016-10-24 08:12:35 -02:00

README

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.