From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from e23smtp04.au.ibm.com ([202.81.31.146]:52279 "EHLO e23smtp04.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757940AbcATTY3 (ORCPT ); Wed, 20 Jan 2016 14:24:29 -0500 Received: from localhost by e23smtp04.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 21 Jan 2016 05:24:26 +1000 Message-ID: <1453317802.2858.25.camel@linux.vnet.ibm.com> Subject: Re: Patch "KEYS: prevent keys from being removed from specified keyrings" has been added to the 3.10-stable tree From: Mimi Zohar To: Greg KH Cc: dhowells@redhat.com, stable@vger.kernel.org, stable-commits@vger.kernel.org Date: Wed, 20 Jan 2016 14:23:22 -0500 In-Reply-To: <20160120183633.GA527@kroah.com> References: <145330913814483@kroah.com> <1453313747.4396.5.camel@linux.vnet.ibm.com> <20160120183633.GA527@kroah.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: stable-owner@vger.kernel.org List-ID: On Wed, 2016-01-20 at 10:36 -0800, Greg KH wrote: > On Wed, Jan 20, 2016 at 01:15:47PM -0500, Mimi Zohar wrote: > > Hi Greg, > > > > The concept of not being able to remove a key from a keyring was > > introduced to prevent keys from being removed from the blacklist > > keyring. The blacklist keyring was just upstreamed in the current open > > window. I don't see a need to backport either this patch or the "KEYS: > > refcount bug fix" patch. > > Ah, ok, remove this for all stable kernel trees, right? For some reason > I thought this was resolving a different key security "issue" that was > recently reported... Yes, thanks! Mimi