1
linux/fs
David Howells 4c0c03ca54 CIFS: Fix a malicious redirect problem in the DNS lookup code
Fix the security problem in the CIFS filesystem DNS lookup code in which a
malicious redirect could be installed by a random user by simply adding a
result record into one of their keyrings with add_key() and then invoking a
CIFS CFS lookup [CVE-2010-2524].

This is done by creating an internal keyring specifically for the caching of
DNS lookups.  To enforce the use of this keyring, the module init routine
creates a set of override credentials with the keyring installed as the thread
keyring and instructs request_key() to only install lookup result keys in that
keyring.

The override is then applied around the call to request_key().

This has some additional benefits when a kernel service uses this module to
request a key:

 (1) The result keys are owned by root, not the user that caused the lookup.

 (2) The result keys don't pop up in the user's keyrings.

 (3) The result keys don't come out of the quota of the user that caused the
     lookup.

The keyring can be viewed as root by doing cat /proc/keys:

2a0ca6c3 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: 1/4

It can then be listed with 'keyctl list' by root.

	# keyctl list 0x2a0ca6c3
	1 key in keyring:
	726766307: --alswrv     0     0 dns_resolver: foo.bar.com

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-and-Tested-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-07-22 09:42:40 -07:00
..
9p drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
adfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
affs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
afs writeback: remove writeback_inodes_wbc 2010-07-06 08:54:03 +02:00
autofs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
autofs4 fs/autofs4: use memdup_user 2010-05-27 09:12:41 -07:00
befs
bfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2010-07-19 19:33:02 -07:00
cachefiles CacheFiles: Fix error handling in cachefiles_determine_cache_security() 2010-05-12 18:23:58 -07:00
ceph ceph: do not include cap/dentry releases in replayed messages 2010-07-16 10:30:18 -07:00
cifs CIFS: Fix a malicious redirect problem in the DNS lookup code 2010-07-22 09:42:40 -07:00
coda drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
configfs fix setattr error handling in sysfs, configfs 2010-06-04 17:16:29 -04:00
cramfs
debugfs Add x64 support to debugfs 2010-05-19 22:41:57 -04:00
devpts Simplify devpts_get_sb() failure exits 2010-05-21 18:31:12 -04:00
dlm dlm: fix ast ordering for user locks 2010-04-30 14:52:51 -05:00
ecryptfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
efs
exofs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
exportfs
ext2 ext2: update ctime when changing the file's permission by setfacl 2010-06-25 01:20:37 +02:00
ext3 ext3: update ctime when changing the file's permission by setfacl 2010-06-25 01:20:37 +02:00
ext4 ext4: Fix remaining racy updates of EXT4_I(inode)->i_flags 2010-06-05 11:51:27 -04:00
fat fat: convert to use the new truncate convention. 2010-05-27 22:16:02 -04:00
freevxfs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
fscache FS-Cache: Remove unneeded null checks 2010-06-01 13:32:11 -07:00
fuse Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse 2010-05-30 09:16:14 -07:00
gfs2 mm: add context argument to shrinker callback 2010-07-19 14:56:17 +10:00
hfs
hfsplus hfsplus: Push down BKL into ioctl function 2010-05-17 05:27:03 +02:00
hostfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hpfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hppfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
hugetlbfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
isofs fs/: do not fallback to default_llseek() when readdir() uses BKL 2010-05-27 09:12:56 -07:00
jbd ext3: Fix waiting on transaction during fsync 2010-05-21 19:30:41 +02:00
jbd2 jbd2/ocfs2: Fix block checksumming when a buffer is used in several transactions 2010-07-15 15:17:47 -07:00
jffs2 Fix up trivial spelling errors ('taht' -> 'that') 2010-07-21 09:25:42 -07:00
jfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
lockd
logfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
minix Minix: Clean up left over label 2010-06-04 17:16:30 -04:00
ncpfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
nfs mm: add context argument to shrinker callback 2010-07-19 14:56:17 +10:00
nfs_common
nfsd Merge branch 'for-2.6.35' of git://linux-nfs.org/~bfields/linux 2010-06-09 12:43:04 -07:00
nilfs2 nilfs2: remove obsolete declarations of cache constructor and destructor 2010-05-31 20:50:29 +09:00
nls
notify Saner locking around deactivate_super() 2010-05-21 18:31:14 -04:00
ntfs drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
ocfs2 Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2 2010-07-18 10:09:25 -07:00
omfs rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
openpromfs
partitions [S390] dasd: use correct label location for diag fba disks 2010-07-19 09:22:50 +02:00
proc nommu: add '[stack]' label to /proc/pid/maps output 2010-06-29 15:29:30 -07:00
qnx4 rename the generic fsync implementations 2010-05-27 22:06:06 -04:00
quota mm: add context argument to shrinker callback 2010-07-19 14:56:17 +10:00
ramfs fs: convert simple fs to new truncate 2010-05-27 22:15:47 -04:00
reiserfs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
romfs
smbfs kill spurious reference to vmtruncate 2010-05-27 22:15:42 -04:00
squashfs squashfs: fix name reading in squashfs_xattr_get 2010-05-23 08:27:42 +01:00
sysfs fix setattr error handling in sysfs, configfs 2010-06-04 17:16:29 -04:00
sysv sysvfs: fix NULL deref. when allocating new inode 2010-06-29 15:29:32 -07:00
ubifs mm: add context argument to shrinker callback 2010-07-19 14:56:17 +10:00
udf Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
ufs Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6 2010-05-30 09:11:11 -07:00
xfs xfs: track AGs with reclaimable inodes in per-ag radix tree 2010-07-20 09:43:39 +10:00
aio.c get rid of the magic around f_count in aio 2010-05-27 22:03:07 -04:00
anon_inodes.c Revert "anon_inode: set S_IFREG on the anon_inode" 2010-05-27 22:03:05 -04:00
attr.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
bad_inode.c drop unused dentry argument to ->fsync 2010-05-27 22:05:02 -04:00
binfmt_aout.c
binfmt_elf_fdpic.c binfmt_elf_fdpic: Fix clear_user() error handling 2010-06-01 08:11:06 -07:00
binfmt_elf.c
binfmt_em86.c
binfmt_flat.c flat: tweak default stack alignment 2010-06-29 15:29:31 -07:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio.c
block_dev.c block: remove duplicate BUG_ON() in bd_finish_claiming() 2010-06-10 19:08:34 +02:00
buffer.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c pktcdvd: improve BKL and compat_ioctl.c usage 2010-04-29 08:44:37 -07:00
compat.c fs/compat_rw_copy_check_uvector: add missing compat_ptr call 2010-06-04 15:21:44 -07:00
dcache.c mm: add context argument to shrinker callback 2010-07-19 14:56:17 +10:00
dcookies.c
direct-io.c fs: introduce new truncate sequence 2010-05-27 22:15:33 -04:00
drop_caches.c new helper: iterate_supers() 2010-05-21 18:31:16 -04:00
eventfd.c
eventpoll.c sched, wait: Use wrapper functions 2010-05-11 17:43:58 +02:00
exec.c exit: avoid sig->count in de_thread/__exit_signal synchronization 2010-05-27 09:12:46 -07:00
fcntl.c fs/fcntl.c:kill_fasync_rcu() fa_lock must be IRQ-safe 2010-06-29 15:29:32 -07:00
fifo.c
file_table.c get rid of the magic around f_count in aio 2010-05-27 22:03:07 -04:00
file.c
filesystems.c
fs_struct.c
fs-writeback.c writeback: simplify the write back thread queue 2010-07-06 08:59:53 +02:00
generic_acl.c fs: xattr_handler table should be const 2010-05-21 18:31:18 -04:00
inode.c mm: add context argument to shrinker callback 2010-07-19 14:56:17 +10:00
internal.h Bury __put_super_and_need_restart() 2010-05-21 18:31:16 -04:00
ioctl.c Introduce freeze_super and thaw_super for the fsfreeze ioctl 2010-05-21 18:31:18 -04:00
ioprio.c
Kconfig
Kconfig.binfmt
libfs.c wrong type for 'magic' argument in simple_fill_super() 2010-06-04 17:16:28 -04:00
locks.c
Makefile Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
mbcache.c mm: add context argument to shrinker callback 2010-07-19 14:56:17 +10:00
mpage.c
namei.c VFS: fix recent breakage of FS_REVAL_DOT 2010-05-27 22:03:06 -04:00
namespace.c Merge branch 'next' into for-linus 2010-05-18 08:57:00 +10:00
nfsctl.c
no-block.c
open.c Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
pipe.c pipe: fix check in "set size" fcntl 2010-06-10 19:08:34 +02:00
pnode.c
pnode.h
posix_acl.c
read_write.c vfs: introduce noop_llseek() 2010-05-27 09:12:56 -07:00
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c splice: check f_mode for seekable file 2010-06-30 08:12:37 +02:00
stack.c
stat.c
statfs.c Take statfs variants to fs/statfs.c 2010-05-21 18:31:17 -04:00
super.c fs: fix superblock iteration race 2010-06-29 10:38:22 -07:00
sync.c Merge branch 'master' into for-linus 2010-06-01 12:42:12 +02:00
timerfd.c fs/timerfd.c: make use of wait_event_interruptible_locked_irq() 2010-05-20 13:21:42 -07:00
utimes.c
xattr_acl.c
xattr.c fs: xattr_handler table should be const 2010-05-21 18:31:18 -04:00