linux-toradex.git/security, branch v2.6.16.45 Linux kernel for Apalis and Colibri modules Keys: Fix key serial number collision handling (CVE-2007-0006) 2007-02-21T00:20:05+00:00 David Howells dhowells@redhat.com 2007-02-21T00:20:05+00:00 a0cd22f8e3a0cd4f6d8b08103629cbbc29a0c9fb Fix the key serial number collision avoidance code in key_alloc_serial(). This didn't use to be so much of a problem as the key serial numbers were allocated from a simple incremental counter, and it would have to go through two billion keys before it could possibly encounter a collision. However, n that random numbers are used instead, collisions are much more likely. This is fixed by finding a hole in the rbtree where the next unused serial number ought to be and using that by going almost back to the top of the insertion routine and redoing the insertion with the new serial number rathe than trying to be clever and attempting to work out the insertion point pointer directly. This fixes kernel Bugzilla #7727. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> 
Fix the key serial number collision avoidance code in key_alloc_serial().

This didn't use to be so much of a problem as the key serial numbers were
allocated from a simple incremental counter, and it would have to go through
two billion keys before it could possibly encounter a collision.  However, n
that random numbers are used instead, collisions are much more likely.

This is fixed by finding a hole in the rbtree where the next unused serial
number ought to be and using that by going almost back to the top of the
insertion routine and redoing the insertion with the new serial number rathe
than trying to be clever and attempting to work out the insertion point
pointer directly.

This fixes kernel Bugzilla #7727.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
security/seclvl.c: fix time wrap (CVE-2005-4352) 2006-11-17T16:42:43+00:00 Adrian Bunk bunk@stusta.de 2006-11-17T16:42:43+00:00 e6169b53986005dff5307cc8ac1f555334073d09 initlvl=2 in seclvl gives the guarantee "Cannot decrement the system time". But it was possible to set the time to the maximum unixtime value (19 Jan 2038) resulting in a wrap to the minimum value. This patch fixes this by disallowing setting the time to any date after 2030 with initlvl=2. Signed-off-by: Adrian Bunk <bunk@stusta.de> 
initlvl=2 in seclvl gives the guarantee
"Cannot decrement the system time".

But it was possible to set the time to the maximum unixtime value
(19 Jan 2038) resulting in a wrap to the minimum value.

This patch fixes this by disallowing setting the time to any date
after 2030 with initlvl=2.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
[PATCH] selinux: check for failed kmalloc in security_sid_to_context() 2006-05-20T22:00:31+00:00 Serge E. Hallyn serue@us.ibm.com 2006-05-15T16:43:48+00:00 3220ee4a7afa92cc7315f9f74b64bb8a7f9b1320 Check for NULL kmalloc return value before writing to it. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: James Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
Check for NULL kmalloc return value before writing to it.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] selinux: Fix MLS compatibility off-by-one bug 2006-04-24T16:56:04+00:00 Ron Yorston rmy@tigress.co.uk 2006-04-19T05:21:04+00:00 00905d543081c11b3823577b951e22fdf3260477 Fix an off-by-one error in the MLS compatibility code that was causing contexts with a MLS suffix to be rejected, preventing sharing partitions between FC4 and FC5. Bug reported in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188068 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
Fix an off-by-one error in the MLS compatibility code that was causing
contexts with a MLS suffix to be rejected, preventing sharing partitions
between FC4 and FC5.  Bug reported in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188068

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] Keys: Fix oops when adding key to non-keyring [CVE-2006-1522] 2006-04-11T04:48:21+00:00 David Howells dhowells@redhat.com 2006-04-10T17:01:40+00:00 5494bd6a500cc7c5a502279eabfbdacccd4b89d1 This fixes the problem of an oops occuring when a user attempts to add a key to a non-keyring key [CVE-2006-1522]. The problem is that __keyring_search_one() doesn't check that the keyring it's been given is actually a keyring. I've fixed this problem by: (1) declaring that caller of __keyring_search_one() must guarantee that the keyring is a keyring; and (2) making key_create_or_update() check that the keyring is a keyring, and return -ENOTDIR if it isn't. This can be tested by: keyctl add user b b `keyctl add user a a @s` Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
This fixes the problem of an oops occuring when a user attempts to add a
key to a non-keyring key [CVE-2006-1522].

The problem is that __keyring_search_one() doesn't check that the
keyring it's been given is actually a keyring.

I've fixed this problem by:

 (1) declaring that caller of __keyring_search_one() must guarantee that
     the keyring is a keyring; and

 (2) making key_create_or_update() check that the keyring is a keyring,
     and return -ENOTDIR if it isn't.

This can be tested by:

	keyctl add user b b `keyctl add user a a @s`

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] selinux: tracer SID fix 2006-03-11T17:19:34+00:00 Stephen Smalley sds@tycho.nsa.gov 2006-03-11T11:27:16+00:00 341c2d806b71cc3596afeb2d9bd26cd718e75202 Fix SELinux to not reset the tracer SID when the child is already being traced, since selinux_ptrace is also called by proc for access checking outside of the context of a ptrace attach. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Fix SELinux to not reset the tracer SID when the child is already being
traced, since selinux_ptrace is also called by proc for access checking
outside of the context of a ptrace attach.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] selinux: require AUDIT 2006-02-08T00:12:33+00:00 Stephen Smalley sds@tycho.nsa.gov 2006-02-07T20:58:51+00:00 99f6d61bda82d09b2d94414d413d39f66a0b7da2 Make SELinux depend on AUDIT as it requires the basic audit support to log permission denials at all. Note that AUDITSYSCALL remains optional for SELinux, although it can be useful in providing further information upon denials. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Make SELinux depend on AUDIT as it requires the basic audit support to log
permission denials at all.  Note that AUDITSYSCALL remains optional for
SELinux, although it can be useful in providing further information upon
denials.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] selinux: require SECURITY_NETWORK 2006-02-05T19:06:52+00:00 Stephen Smalley sds@tycho.nsa.gov 2006-02-05T07:27:50+00:00 c2b507fda390b8ae90deba9b8cdc3fe727482193 Make SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it requires the socket hooks for proper operation even in the local case. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Make SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it
requires the socket hooks for proper operation even in the local case.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] Fix keyctl usage of strnlen_user() 2006-02-03T16:32:10+00:00 Davi Arnaut davi.arnaut@gmail.com 2006-02-03T11:04:46+00:00 6d94074f0804143eac6bce72dc04447c0040e7d8 In the small window between strnlen_user() and copy_from_user() userspace could alter the terminating `\0' character. Signed-off-by: Davi Arnaut <davi.arnaut@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
In the small window between strnlen_user() and copy_from_user() userspace
could alter the terminating `\0' character.

Signed-off-by: Davi Arnaut <davi.arnaut@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] selinux: remove security struct magic number fields and tests 2006-02-01T16:53:19+00:00 Stephen Smalley sds@tycho.nsa.gov 2006-02-01T11:05:56+00:00 9ac49d22138348198f729f07371ffb11991368e6 Remove the SELinux security structure magic number fields and tests, along with some unnecessary tests for NULL security pointers. These fields and tests are leftovers from the early attempts to support SELinux as a loadable module during LSM development. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Remove the SELinux security structure magic number fields and tests, along
with some unnecessary tests for NULL security pointers.  These fields and
tests are leftovers from the early attempts to support SELinux as a
loadable module during LSM development.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>