linux/security, branch v2.6.28.7

security: introduce missing kfree

2009-01-25T00:41:33Z

commit 0d54ee1c7850a954026deec4cd4885f331da35cc upstream. Plug this leak. Acked-by: David Howells Cc: James Morris Signed-off-by: Vegard Nossum Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman

System call wrappers part 28

2009-01-18T18:44:00Z

commit 938bb9f5e840eddbf54e4f62f6c5ba9b3ae12c9d upstream. Signed-off-by: Heiko Carstens Signed-off-by: Greg Kroah-Hartman

System call wrappers part 27

2009-01-18T18:44:00Z

commit 1e7bfb2134dfec37ce04fb3a4ca89299e892d10c upstream. Signed-off-by: Heiko Carstens Signed-off-by: Greg Kroah-Hartman

devices cgroup: allow mkfifo

2009-01-18T18:43:47Z

commit 0b82ac37b889ec881b645860da3775118effb3ca upstream. The devcgroup_inode_permission() hook in the devices whitelist cgroup has always bypassed access checks on fifos. But the mknod hook did not. The devices whitelist is only about block and char devices, and fifos can't even be added to the whitelist, so fifos can't be created at all except by tasks which have 'a' in their whitelist (meaning they have access to all devices). Fix the behavior by bypassing access checks to mkfifo. Signed-off-by: Serge E. Hallyn Cc: Li Zefan Cc: Pavel Emelyanov Cc: Paul Menage Cc: Lai Jiangshan Cc: KOSAKI Motohiro Cc: James Morris Reported-by: Daniel Lezcano Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman

KEYS: Make request key instantiate the per-user keyrings

2008-11-10T21:20:57Z

Make request_key() instantiate the per-user keyrings so that it doesn't oops if it needs to get hold of the user session keyring because there isn't a session keyring in place. Signed-off-by: David Howells Tested-by: Steve French Tested-by: Rutger Nijlunsing Signed-off-by: Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

2008-11-01T16:50:38Z

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: SELinux: properly handle empty tty_files list

file caps: always start with clear bprm->caps_*

2008-11-01T16:49:45Z

While Linux doesn't honor setuid on scripts. However, it mistakenly behaves differently for file capabilities. This patch fixes that behavior by making sure that get_file_caps() begins with empty bprm->caps_*. That way when a script is loaded, its bprm->caps_* may be filled when binfmt_misc calls prepare_binprm(), but they will be cleared again when binfmt_elf calls prepare_binprm() next to read the interpreter's file capabilities. Signed-off-by: Serge Hallyn Acked-by: David Howells Acked-by: Andrew G. Morgan Signed-off-by: Linus Torvalds

SELinux: properly handle empty tty_files list

2008-10-31T22:38:48Z

SELinux has wrongly (since 2004) had an incorrect test for an empty tty->tty_files list. With an empty list selinux would be pointing to part of the tty struct itself and would then proceed to dereference that value and again dereference that result. An F10 change to plymouth on a ppc64 system is actually currently triggering this bug. This patch uses list_empty() to handle empty lists rather than looking at a meaningless location. [note, this fixes the oops reported in https://bugzilla.redhat.com/show_bug.cgi?id=469079] Signed-off-by: Eric Paris Signed-off-by: James Morris

nfsd: fix vm overcommit crash

2008-10-30T18:38:47Z

Junjiro R. Okajima reported a problem where knfsd crashes if you are using it to export shmemfs objects and run strict overcommit. In this situation the current->mm based modifier to the overcommit goes through a NULL pointer. We could simply check for NULL and skip the modifier but we've caught other real bugs in the past from mm being NULL here - cases where we did need a valid mm set up (eg the exec bug about a year ago). To preserve the checks and get the logic we want shuffle the checking around and add a new helper to the vm_ security wrappers Also fix a current->mm reference in nommu that should use the passed mm [akpm@linux-foundation.org: coding-style fixes] [akpm@linux-foundation.org: fix build] Reported-by: Junjiro R. Okajima Acked-by: James Morris Signed-off-by: Alan Cox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

Merge branch 'v28-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

2008-10-20T20:19:56Z

* 'v28-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (36 commits) fix documentation of sysrq-q really Fix documentation of sysrq-q timer_list: add base address to clock base timer_list: print cpu number of clockevents device timer_list: print real timer address NOHZ: restart tick device from irq_enter() NOHZ: split tick_nohz_restart_sched_tick() NOHZ: unify the nohz function calls in irq_enter() timers: fix itimer/many thread hang, fix timers: fix itimer/many thread hang, v3 ntp: improve adjtimex frequency rounding timekeeping: fix rounding problem during clock update ntp: let update_persistent_clock() sleep hrtimer: reorder struct hrtimer to save 8 bytes on 64bit builds posix-timers: lock_timer: make it readable posix-timers: lock_timer: kill the bogus ->it_id check posix-timers: kill ->it_sigev_signo and ->it_sigev_value posix-timers: sys_timer_create: cleanup the error handling posix-timers: move the initialization of timer->sigq from send to create path posix-timers: sys_timer_create: simplify and s/tasklist/rcu/ ... Fix trivial conflicts due to sysrq-q description clahes in Documentation/sysrq.txt and drivers/char/sysrq.c