swh:1:snp:3c665ee4f67729f27f2e40193ab88e7298cf0fef
Revision 879669961b11e7f40b518784863a259f735a72bf authored by David Howells on 17 June 2011, 10:25:59 UTC, committed by Linus Torvalds on 17 June 2011, 16:40:48 UTC
____call_usermodehelper() now erases any credentials set by the subprocess_inf::init() function. The problem is that commit 17f60a7da150 ("capabilites: allow the application of capability limits to usermode helpers") creates and commits new credentials with prepare_kernel_cred() after the call to the init() function. This wipes all keyrings after umh_keys_init() is called. The best way to deal with this is to put the init() call just prior to the commit_creds() call, and pass the cred pointer to init(). That means that umh_keys_init() and suchlike can modify the credentials _before_ they are published and potentially in use by the rest of the system. This prevents request_key() from working as it is prevented from passing the session keyring it set up with the authorisation token to /sbin/request-key, and so the latter can't assume the authority to instantiate the key. This causes the in-kernel DNS resolver to fail with ENOKEY unconditionally. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Eric Paris <eparis@redhat.com> Tested-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent eb96c92
Tip revision: 64222515138e43da1fcf288f0289ef1020427b87 authored by Linus Torvalds on 22 October 2021, 05:06:08 UTC
Merge tag 'drm-fixes-2021-10-22' of git://anongit.freedesktop.org/drm/drm
Merge tag 'drm-fixes-2021-10-22' of git://anongit.freedesktop.org/drm/drm
Tip revision: 6422251
File | Mode | Size |
---|---|---|
Documentation | ||
arch | ||
block | ||
crypto | ||
drivers | ||
firmware | ||
fs | ||
include | ||
init | ||
ipc | ||
kernel | ||
lib | ||
mm | ||
net | ||
samples | ||
scripts | ||
security | ||
sound | ||
tools | ||
usr | ||
virt | ||
.gitignore | -rw-r--r-- | 966 bytes |
.mailmap | -rw-r--r-- | 4.2 KB |
COPYING | -rw-r--r-- | 18.3 KB |
CREDITS | -rw-r--r-- | 92.3 KB |
Kbuild | -rw-r--r-- | 2.4 KB |
Kconfig | -rw-r--r-- | 252 bytes |
MAINTAINERS | -rw-r--r-- | 189.9 KB |
Makefile | -rw-r--r-- | 52.2 KB |
README | -rw-r--r-- | 17.1 KB |
REPORTING-BUGS | -rw-r--r-- | 3.3 KB |
Computing file changes ...