From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:58648 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751924AbcATSge (ORCPT ); Wed, 20 Jan 2016 13:36:34 -0500 Date: Wed, 20 Jan 2016 10:36:33 -0800 From: Greg KH To: Mimi Zohar Cc: dhowells@redhat.com, stable@vger.kernel.org, stable-commits@vger.kernel.org Subject: Re: Patch "KEYS: prevent keys from being removed from specified keyrings" has been added to the 3.10-stable tree Message-ID: <20160120183633.GA527@kroah.com> References: <145330913814483@kroah.com> <1453313747.4396.5.camel@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1453313747.4396.5.camel@linux.vnet.ibm.com> Sender: stable-owner@vger.kernel.org List-ID: On Wed, Jan 20, 2016 at 01:15:47PM -0500, Mimi Zohar wrote: > Hi Greg, > > The concept of not being able to remove a key from a keyring was > introduced to prevent keys from being removed from the blacklist > keyring. The blacklist keyring was just upstreamed in the current open > window. I don't see a need to backport either this patch or the "KEYS: > refcount bug fix" patch. Ah, ok, remove this for all stable kernel trees, right? For some reason I thought this was resolving a different key security "issue" that was recently reported... thanks, greg k-h