Linux kernel source tree https://git.amat.us/linux/atom/security?h=v2.6.27.25 2009-06-12T03:01:28Z 2009-06-12T03:01:28Z Eric Paris eparis@redhat.com 2009-06-01T14:21:05Z urn:sha1:894e24c2c5b6055ef9704b0ffdbacd9d4fdd130b This patch is not applicable to Linus's tree as the code in question has been removed for 2.6.30. I'm sending in case any of the stable maintainers would like to push to their branches (which I think anything pre 2.6.30 would like to do). Ubuntu users were experiencing a kernel panic when they enabled SELinux due to an old bug in our handling of the compatibility mode network controls, introduced Jan 1 2008 effad8df44261031a882e1a895415f7186a5098e Most distros have not used the compat_net code since the new code was introduced and so noone has hit this problem before. Ubuntu is the only distro I know that enabled that legacy cruft by default. But, I was ask to look at it and found that the above patch changed a call to avc_has_perm from if(send_perm) to if(!send_perm) in selinux_ip_postroute_iptables_compat(). The result is that users who turn on SELinux and have compat_net set can (and oftern will) BUG() in avc_has_perm_noaudit since they are requesting 0 permissions. This patch corrects that accidental bug introduction. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-05-02T17:25:09Z Eugene Teo eteo@redhat.com 2009-04-13T02:04:41Z urn:sha1:910c9e41186762de3717baaf392ab5ff0c454496 Not upstream in 2.6.30, as the function was removed there, making this a non-issue. Node and port send checks can skip in the compat_net=1 case. This bug was introduced in commit effad8d. Signed-off-by: Eugene Teo <eugeneteo@kernel.sg> Reported-by: Dan Carpenter <error27@gmail.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-05-02T17:23:55Z Etienne Basset etienne.basset@numericable.fr 2009-03-31T21:54:11Z urn:sha1:2d44563c1619317484982f0e46e246ebc9afe898 upstream commit: 4303154e86597885bc3cbc178a48ccbc8213875f this patch fix an oops in smack when setting a size 0 SMACK64 xattr eg attr -S -s SMACK64 -V '' somefile This oops because smk_import_entry treats a 0 length as SMK_MAXLEN Signed-off-by: Etienne Basset <etienne.basset@numericable.fr> Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-03-17T00:52:57Z Paul Moore paul.moore@hp.com 2009-02-20T21:33:02Z urn:sha1:068c8059e492c269ae6291286e6d942cae652cb6 commit 09c50b4a52c01a1f450b8eec819089e228655bfb upstream. At some point we (okay, I) managed to break the ability for users to use the setsockopt() syscall to set IPv4 options when NetLabel was not active on the socket in question. The problem was noticed by someone trying to use the "-R" (record route) option of ping: # ping -R 10.0.0.1 ping: record route: No message of desired type The solution is relatively simple, we catch the unlabeled socket case and clear the error code, allowing the operation to succeed. Please note that we still deny users the ability to override IPv4 options on socket's which have NetLabel labeling active; this is done to ensure the labeling remains intact. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-03-17T00:52:57Z Paul Moore paul.moore@hp.com 2009-02-27T20:00:03Z urn:sha1:480f51ace44e212fb825903c57d1535a9b01c1f5 commit d7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02 upstream. Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission() caused by a certain sequence of SUNRPC operations. The problem appears to be due to the lack of NULL pointer checking in the function; this patch adds the pointer checks so the function will exit safely in the cases where the socket is not completely initialized. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-01-25T00:36:24Z Vegard Nossum vegard.nossum@gmail.com 2009-01-17T16:45:45Z urn:sha1:0c48c3bf5fb4dc6b0c3f5691acf11e4839bc115e commit 0d54ee1c7850a954026deec4cd4885f331da35cc upstream. Plug this leak. Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-01-18T18:35:39Z Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:30Z urn:sha1:bed9f5a735d89dcf265860f22a59c5028c0772d4 commit 938bb9f5e840eddbf54e4f62f6c5ba9b3ae12c9d upstream. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-01-18T18:35:39Z Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:29Z urn:sha1:5d06b3183f04cd4a65515da5f32a33db0a1a1c47 commit 1e7bfb2134dfec37ce04fb3a4ca89299e892d10c upstream. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-01-18T18:35:26Z Serge E. Hallyn serue@us.ibm.com 2009-01-08T02:07:46Z urn:sha1:0dcd6c96ef7a41cd48d31d991863437ff4ea24c5 commit 0b82ac37b889ec881b645860da3775118effb3ca upstream. The devcgroup_inode_permission() hook in the devices whitelist cgroup has always bypassed access checks on fifos. But the mknod hook did not. The devices whitelist is only about block and char devices, and fifos can't even be added to the whitelist, so fifos can't be created at all except by tasks which have 'a' in their whitelist (meaning they have access to all devices). Fix the behavior by bypassing access checks to mkfifo. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Cc: Li Zefan <lizf@cn.fujitsu.com> Cc: Pavel Emelyanov <xemul@openvz.org> Cc: Paul Menage <menage@google.com> Cc: Lai Jiangshan <laijs@cn.fujitsu.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: James Morris <jmorris@namei.org> Reported-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2008-11-13T17:56:04Z David Howells dhowells@redhat.com 2008-11-10T19:00:05Z urn:sha1:8d5dc6f7b2da3b6b108171b8051f18b6abc3ba1c commit 1f8f5cf6e4f038552a3e47b66085452c08556d71 upstream Make request_key() instantiate the per-user keyrings so that it doesn't oops if it needs to get hold of the user session keyring because there isn't a session keyring in place. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Steve French <smfrench@gmail.com> Tested-by: Rutger Nijlunsing <rutger.nijlunsing@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>