From: David Howells <dhowells@redhat.com>
To: jmorris@namei.org
Cc: David Howells <dhowells@redhat.com>,
Eric Biggers <ebiggers@google.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Michael Halcrow <mhalcrow@google.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] KEYS: Fixes and crypto fixes
Date: Wed, 27 Sep 2017 21:19:24 +0000 [thread overview]
Message-ID: <28036.1506547164@warthog.procyon.org.uk> (raw)
Hi James,
Can you pull these and pass them on to Linus. There are two sets of
patches here:
(1) A bunch of core keyrings bug fixes from Eric Biggers.
(2) Fixing big_key to use safe crypto from Jason A. Donenfeld.
There are more patches to come from Eric, but I haven't reviewed at them
yet, so I haven't included them here. Thanks to Eric for reviewing the
keyrings code.
David
---
The following changes since commit ebb2c2437d8008d46796902ff390653822af6cc4:
Merge tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc (2017-09-18 08:44:51 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20170927
for you to fetch changes up to 428490e38b2e352812e0b765d8bceafab0ec441d:
security/keys: rewrite all of big_key crypto (2017-09-25 23:31:58 +0100)
----------------------------------------------------------------
Keyrings fixes
----------------------------------------------------------------
Eric Biggers (10):
KEYS: fix cred refcount leak in request_key_auth_new()
KEYS: don't revoke uninstantiated key in request_key_auth_new()
KEYS: fix key refcount leak in keyctl_assume_authority()
KEYS: fix key refcount leak in keyctl_read_key()
KEYS: fix writing past end of user-supplied buffer in keyring_read()
KEYS: prevent creating a different user's keyrings
KEYS: prevent KEYCTL_READ on negative key
KEYS: reset parent each time before searching key_user_tree
KEYS: restrict /proc/keys by credentials at open time
KEYS: use kmemdup() in request_key_auth_new()
Jason A. Donenfeld (2):
security/keys: properly zero out sensitive key material in big_key
security/keys: rewrite all of big_key crypto
include/linux/key.h | 2 +
security/keys/Kconfig | 4 +-
security/keys/big_key.c | 139 ++++++++++++++++++---------------------
security/keys/internal.h | 2 +-
security/keys/key.c | 6 +-
security/keys/keyctl.c | 13 ++--
security/keys/keyring.c | 37 ++++++-----
security/keys/proc.c | 8 +--
security/keys/process_keys.c | 6 +-
security/keys/request_key_auth.c | 74 ++++++++++-----------
10 files changed, 139 insertions(+), 152 deletions(-)
WARNING: multiple messages have this Message-ID (diff)
From: David Howells <dhowells@redhat.com>
To: jmorris@namei.org
Cc: David Howells <dhowells@redhat.com>,
Eric Biggers <ebiggers@google.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Michael Halcrow <mhalcrow@google.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] KEYS: Fixes and crypto fixes
Date: Wed, 27 Sep 2017 22:19:24 +0100 [thread overview]
Message-ID: <28036.1506547164@warthog.procyon.org.uk> (raw)
Hi James,
Can you pull these and pass them on to Linus. There are two sets of
patches here:
(1) A bunch of core keyrings bug fixes from Eric Biggers.
(2) Fixing big_key to use safe crypto from Jason A. Donenfeld.
There are more patches to come from Eric, but I haven't reviewed at them
yet, so I haven't included them here. Thanks to Eric for reviewing the
keyrings code.
David
---
The following changes since commit ebb2c2437d8008d46796902ff390653822af6cc4:
Merge tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc (2017-09-18 08:44:51 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20170927
for you to fetch changes up to 428490e38b2e352812e0b765d8bceafab0ec441d:
security/keys: rewrite all of big_key crypto (2017-09-25 23:31:58 +0100)
----------------------------------------------------------------
Keyrings fixes
----------------------------------------------------------------
Eric Biggers (10):
KEYS: fix cred refcount leak in request_key_auth_new()
KEYS: don't revoke uninstantiated key in request_key_auth_new()
KEYS: fix key refcount leak in keyctl_assume_authority()
KEYS: fix key refcount leak in keyctl_read_key()
KEYS: fix writing past end of user-supplied buffer in keyring_read()
KEYS: prevent creating a different user's keyrings
KEYS: prevent KEYCTL_READ on negative key
KEYS: reset parent each time before searching key_user_tree
KEYS: restrict /proc/keys by credentials at open time
KEYS: use kmemdup() in request_key_auth_new()
Jason A. Donenfeld (2):
security/keys: properly zero out sensitive key material in big_key
security/keys: rewrite all of big_key crypto
include/linux/key.h | 2 +
security/keys/Kconfig | 4 +-
security/keys/big_key.c | 139 ++++++++++++++++++---------------------
security/keys/internal.h | 2 +-
security/keys/key.c | 6 +-
security/keys/keyctl.c | 13 ++--
security/keys/keyring.c | 37 ++++++-----
security/keys/proc.c | 8 +--
security/keys/process_keys.c | 6 +-
security/keys/request_key_auth.c | 74 ++++++++++-----------
10 files changed, 139 insertions(+), 152 deletions(-)
WARNING: multiple messages have this Message-ID (diff)
From: dhowells@redhat.com (David Howells)
To: linux-security-module@vger.kernel.org
Subject: [GIT PULL] KEYS: Fixes and crypto fixes
Date: Wed, 27 Sep 2017 22:19:24 +0100 [thread overview]
Message-ID: <28036.1506547164@warthog.procyon.org.uk> (raw)
Hi James,
Can you pull these and pass them on to Linus. There are two sets of
patches here:
(1) A bunch of core keyrings bug fixes from Eric Biggers.
(2) Fixing big_key to use safe crypto from Jason A. Donenfeld.
There are more patches to come from Eric, but I haven't reviewed at them
yet, so I haven't included them here. Thanks to Eric for reviewing the
keyrings code.
David
---
The following changes since commit ebb2c2437d8008d46796902ff390653822af6cc4:
Merge tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc (2017-09-18 08:44:51 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20170927
for you to fetch changes up to 428490e38b2e352812e0b765d8bceafab0ec441d:
security/keys: rewrite all of big_key crypto (2017-09-25 23:31:58 +0100)
----------------------------------------------------------------
Keyrings fixes
----------------------------------------------------------------
Eric Biggers (10):
KEYS: fix cred refcount leak in request_key_auth_new()
KEYS: don't revoke uninstantiated key in request_key_auth_new()
KEYS: fix key refcount leak in keyctl_assume_authority()
KEYS: fix key refcount leak in keyctl_read_key()
KEYS: fix writing past end of user-supplied buffer in keyring_read()
KEYS: prevent creating a different user's keyrings
KEYS: prevent KEYCTL_READ on negative key
KEYS: reset parent each time before searching key_user_tree
KEYS: restrict /proc/keys by credentials at open time
KEYS: use kmemdup() in request_key_auth_new()
Jason A. Donenfeld (2):
security/keys: properly zero out sensitive key material in big_key
security/keys: rewrite all of big_key crypto
include/linux/key.h | 2 +
security/keys/Kconfig | 4 +-
security/keys/big_key.c | 139 ++++++++++++++++++---------------------
security/keys/internal.h | 2 +-
security/keys/key.c | 6 +-
security/keys/keyctl.c | 13 ++--
security/keys/keyring.c | 37 ++++++-----
security/keys/proc.c | 8 +--
security/keys/process_keys.c | 6 +-
security/keys/request_key_auth.c | 74 ++++++++++-----------
10 files changed, 139 insertions(+), 152 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next reply other threads:[~2017-09-27 21:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-27 21:19 David Howells [this message]
2017-09-27 21:19 ` [GIT PULL] KEYS: Fixes and crypto fixes David Howells
2017-09-27 21:19 ` David Howells
2017-09-27 23:14 ` James Morris
2017-09-27 23:14 ` James Morris
2017-09-27 23:14 ` James Morris
2017-09-28 0:15 ` Eric Biggers
2017-09-28 0:15 ` Eric Biggers
2017-09-28 0:15 ` Eric Biggers
2017-09-28 2:08 ` James Morris
2017-09-28 2:08 ` James Morris
2017-09-28 2:08 ` James Morris
2017-09-28 10:34 ` Herbert Xu
2017-09-28 10:34 ` Herbert Xu
2017-09-28 10:34 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=28036.1506547164@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=Jason@zx2c4.com \
--cc=ebiggers@google.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mhalcrow@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.