[PATCH 0/3] KEYS: Fixes

2017-04-19 Thread David Howells
Hi James, Can you pass these patches onto Linus, please? (1) Disallow keyrings whose name begins with a '.' to be joined [CVE-2016-9604]. (2) Change the name of the dead type to ".dead" to prevent user access [CVE-2017-6951]. (3) Fix keyctl_set_reqkey_keyring() to not leak thread

Re: [PATCH 0/3] KEYS: Fixes

2017-04-19 Thread David Howells
Let me try this again, this time with the correct email addresses... David

[PATCH 0/3] KEYS: Fixes

2017-04-19 Thread David Howells
Hi James, Can you pass these patches onto Linus, please? (1) Disallow keyrings whose name begins with a '.' to be joined [CVE-2016-9604]. (2) Change the name of the dead type to ".dead" to prevent user access [CVE-2017-6951]. (3) Fix keyctl_set_reqkey_keyring() to not leak thread

Re: [PATCH 0/3] KEYS: Fixes

2017-02-10 Thread David Howells
James Morris wrote: > It works for me on a different vm with a newer version of git, which may > be the issue (I'm using 1.7.1). I'm using git-2.7.4 David

Re: [PATCH 0/3] KEYS: Fixes

2017-02-09 Thread James Morris
On Thu, 9 Feb 2017, David Howells wrote: > James Morris wrote: > > > > Tagged thusly: > > > > > > git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git > > > keys-fixes-20170209 > > > > I'm getting this: > > > > $ git pull > > git://git.kernel.org/pub/scm/linux/kernel/git/d

Re: [PATCH 0/3] KEYS: Fixes

2017-02-09 Thread James Morris
On Thu, 9 Feb 2017, David Howells wrote: > > Hi James, > > Can you pull these patches into your next tree please? They include the > following: > > (1) Fix sign-file for use with libressl. > > (2) Fix error production in request_master_key(). > > (3) Explicitly zero-out secret data before

Re: [PATCH 0/3] KEYS: Fixes

2017-02-09 Thread David Howells
James Morris wrote: > > Tagged thusly: > > > > git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git > > keys-fixes-20170209 > > I'm getting this: > > $ git pull > git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git > keys-fixes-20170209 > fatal: Couldn'

Re: [PATCH 0/3] KEYS: Fixes

2017-02-09 Thread James Morris
On Thu, 9 Feb 2017, David Howells wrote: > > Hi James, > > Can you pull these patches into your next tree please? They include the > following: > > (1) Fix sign-file for use with libressl. > > (2) Fix error production in request_master_key(). > > (3) Explicitly zero-out secret data before

[PATCH 0/3] KEYS: Fixes

2017-02-09 Thread David Howells
Hi James, Can you pull these patches into your next tree please? They include the following: (1) Fix sign-file for use with libressl. (2) Fix error production in request_master_key(). (3) Explicitly zero-out secret data before freeing it in case gcc optimises memset() away in future.

[PATCH 0/3] KEYS: Fixes

2016-10-26 Thread David Howells
Hi James, Can you pull these patches please and pass them on to Linus? They include the following: (1) Fix a buffer overflow when displaying /proc/keys [CVE-2016-7042]. (2) Fix broken initialisation in the big_key implementation that can result in an oops. (3) Make big_key depend on h