diff options
| author | David Howells <dhowells@redhat.com> | 2011-06-17 06:25:59 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-06-17 12:40:48 -0400 |
| commit | 879669961b11e7f40b518784863a259f735a72bf (patch) | |
| tree | 9bff5392e365caf656c9dd9be38f7471c182278c /kernel/kmod.c | |
| parent | eb96c925152fc289311e5d7e956b919e9b60ab53 (diff) | |
KEYS/DNS: Fix ____call_usermodehelper() to not lose the session keyring
____call_usermodehelper() now erases any credentials set by the
subprocess_inf::init() function. The problem is that commit
17f60a7da150 ("capabilites: allow the application of capability limits
to usermode helpers") creates and commits new credentials with
prepare_kernel_cred() after the call to the init() function. This wipes
all keyrings after umh_keys_init() is called.
The best way to deal with this is to put the init() call just prior to
the commit_creds() call, and pass the cred pointer to init(). That
means that umh_keys_init() and suchlike can modify the credentials
_before_ they are published and potentially in use by the rest of the
system.
This prevents request_key() from working as it is prevented from passing
the session keyring it set up with the authorisation token to
/sbin/request-key, and so the latter can't assume the authority to
instantiate the key. This causes the in-kernel DNS resolver to fail
with ENOKEY unconditionally.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Tested-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/kmod.c')
| -rw-r--r-- | kernel/kmod.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/kernel/kmod.c b/kernel/kmod.c index ad6a81c58b44..47613dfb7b28 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c | |||
| @@ -156,12 +156,6 @@ static int ____call_usermodehelper(void *data) | |||
| 156 | */ | 156 | */ |
| 157 | set_user_nice(current, 0); | 157 | set_user_nice(current, 0); |
| 158 | 158 | ||
| 159 | if (sub_info->init) { | ||
| 160 | retval = sub_info->init(sub_info); | ||
| 161 | if (retval) | ||
| 162 | goto fail; | ||
| 163 | } | ||
| 164 | |||
| 165 | retval = -ENOMEM; | 159 | retval = -ENOMEM; |
| 166 | new = prepare_kernel_cred(current); | 160 | new = prepare_kernel_cred(current); |
| 167 | if (!new) | 161 | if (!new) |
| @@ -173,6 +167,14 @@ static int ____call_usermodehelper(void *data) | |||
| 173 | new->cap_inheritable); | 167 | new->cap_inheritable); |
| 174 | spin_unlock(&umh_sysctl_lock); | 168 | spin_unlock(&umh_sysctl_lock); |
| 175 | 169 | ||
| 170 | if (sub_info->init) { | ||
| 171 | retval = sub_info->init(sub_info, new); | ||
| 172 | if (retval) { | ||
| 173 | abort_creds(new); | ||
| 174 | goto fail; | ||
| 175 | } | ||
| 176 | } | ||
| 177 | |||
| 176 | commit_creds(new); | 178 | commit_creds(new); |
| 177 | 179 | ||
| 178 | retval = kernel_execve(sub_info->path, | 180 | retval = kernel_execve(sub_info->path, |
| @@ -388,7 +390,7 @@ EXPORT_SYMBOL(call_usermodehelper_setup); | |||
| 388 | * context in which call_usermodehelper_exec is called. | 390 | * context in which call_usermodehelper_exec is called. |
| 389 | */ | 391 | */ |
| 390 | void call_usermodehelper_setfns(struct subprocess_info *info, | 392 | void call_usermodehelper_setfns(struct subprocess_info *info, |
| 391 | int (*init)(struct subprocess_info *info), | 393 | int (*init)(struct subprocess_info *info, struct cred *new), |
| 392 | void (*cleanup)(struct subprocess_info *info), | 394 | void (*cleanup)(struct subprocess_info *info), |
| 393 | void *data) | 395 | void *data) |
| 394 | { | 396 | { |