aboutsummaryrefslogtreecommitdiff
path: root/fs/cifs/dns_resolve.h
AgeCommit message (Collapse)Author
2010-08-10CIFS: Fix compile error with __init in cifs_init_dns_resolver() definitionMichael Neuling
An allmodconfig compile on ppc64 with 2.6.32.17 currently gives this error fs/cifs/dns_resolve.h:27: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'cifs_init_dns_resolver' This adds the correct header file to fix this. Signed-off-by: Michael Neuling <mikey@neuling.org> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-08-10CIFS: Remove __exit mark from cifs_exit_dns_resolver()David Howells
commit 51c20fcced5badee0e2021c6c89f44aa3cbd72aa upstream. Remove the __exit mark from cifs_exit_dns_resolver() as it's called by the module init routine in case of error, and so may have been discarded during linkage. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-08-02CIFS: Fix a malicious redirect problem in the DNS lookup codeDavid Howells
commit 4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7 upstream. Fix the security problem in the CIFS filesystem DNS lookup code in which a malicious redirect could be installed by a random user by simply adding a result record into one of their keyrings with add_key() and then invoking a CIFS CFS lookup [CVE-2010-2524]. This is done by creating an internal keyring specifically for the caching of DNS lookups. To enforce the use of this keyring, the module init routine creates a set of override credentials with the keyring installed as the thread keyring and instructs request_key() to only install lookup result keys in that keyring. The override is then applied around the call to request_key(). This has some additional benefits when a kernel service uses this module to request a key: (1) The result keys are owned by root, not the user that caused the lookup. (2) The result keys don't pop up in the user's keyrings. (3) The result keys don't come out of the quota of the user that caused the lookup. The keyring can be viewed as root by doing cat /proc/keys: 2a0ca6c3 I----- 1 perm 1f030000 0 0 keyring .dns_resolver: 1/4 It can then be listed with 'keyctl list' by root. # keyctl list 0x2a0ca6c3 1 key in keyring: 726766307: --alswrv 0 0 dns_resolver: foo.bar.com Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-and-Tested-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <smfrench@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2008-02-07[CIFS] reduce checkpatch warningsSteve French
Signed-off-by: Steve French <sfrench@us.ibm.com>
2008-01-10[CIFS] Forgot to add two new files from previous commitSteve French
Thanks to Igor for noticing this. CC: Igor Mammedov <niallain@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
generated by cgit v1.2.3-18-g5258 (git 2.32.0) at 2025-03-24 04:50:23 +0000