rpms/kernel/F-11 ecryptfs-check-for-o_rdonly-lower-inodes-when-opening-lower-files.patch, NONE, 1.1 ecryptfs-filename-encryption-only-supports-password-auth-tokens.patch, NONE, 1.1 ecryptfs-handle-unrecognized-tag-3-cipher-codes.patch, NONE, 1.1 ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch, NONE, 1.1 ecryptfs-validate-global-auth-tok-keys.patch, NONE, 1.1 kernel.spec, 1.1755, 1.1756
Chuck Ebbert
cebbert at fedoraproject.org
Wed Oct 7 10:10:45 UTC 2009
- Previous message (by thread): rpms/gnome-media/F-11 .cvsignore, 1.54, 1.55 gnome-media.spec, 1.175, 1.176 sources, 1.53, 1.54
- Next message (by thread): rpms/procps/devel procps-3.2.8-threads.patch, NONE, 1.1 procps.spec, 1.82, 1.83
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1011
Modified Files:
kernel.spec
Added Files:
ecryptfs-check-for-o_rdonly-lower-inodes-when-opening-lower-files.patch
ecryptfs-filename-encryption-only-supports-password-auth-tokens.patch
ecryptfs-handle-unrecognized-tag-3-cipher-codes.patch
ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch
ecryptfs-validate-global-auth-tok-keys.patch
Log Message:
eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908)
ecryptfs-check-for-o_rdonly-lower-inodes-when-opening-lower-files.patch:
kthread.c | 24 ++++++++----------------
main.c | 3 +--
2 files changed, 9 insertions(+), 18 deletions(-)
--- NEW FILE ecryptfs-check-for-o_rdonly-lower-inodes-when-opening-lower-files.patch ---
>From ac22ba23b659e34a5961aec8c945608e471b0d5b Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Date: Wed, 12 Aug 2009 01:06:54 -0500
Subject: eCryptfs: Check for O_RDONLY lower inodes when opening lower files
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
commit ac22ba23b659e34a5961aec8c945608e471b0d5b upstream.
If the lower inode is read-only, don't attempt to open the lower file
read/write and don't hand off the open request to the privileged
eCryptfs kthread for opening it read/write. Instead, only try an
unprivileged, read-only open of the file and give up if that fails.
This patch fixes an oops when eCryptfs is mounted on top of a read-only
mount.
Acked-by: Serge Hallyn <serue at us.ibm.com>
Cc: Eric Sandeen <esandeen at redhat.com>
Cc: Dave Kleikamp <shaggy at linux.vnet.ibm.com>
Cc: ecryptfs-devel at lists.launchpad.net
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
fs/ecryptfs/kthread.c | 24 ++++++++----------------
fs/ecryptfs/main.c | 3 +--
2 files changed, 9 insertions(+), 18 deletions(-)
--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c
@@ -136,6 +136,7 @@ int ecryptfs_privileged_open(struct file
const struct cred *cred)
{
struct ecryptfs_open_req *req;
+ int flags = O_LARGEFILE;
int rc = 0;
/* Corresponding dput() and mntput() are done when the
@@ -143,10 +144,14 @@ int ecryptfs_privileged_open(struct file
* destroyed. */
dget(lower_dentry);
mntget(lower_mnt);
- (*lower_file) = dentry_open(lower_dentry, lower_mnt,
- (O_RDWR | O_LARGEFILE), cred);
+ flags |= IS_RDONLY(lower_dentry->d_inode) ? O_RDONLY : O_RDWR;
+ (*lower_file) = dentry_open(lower_dentry, lower_mnt, flags, cred);
if (!IS_ERR(*lower_file))
goto out;
+ if (flags & O_RDONLY) {
+ rc = PTR_ERR((*lower_file));
+ goto out;
+ }
req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);
if (!req) {
rc = -ENOMEM;
@@ -180,21 +185,8 @@ int ecryptfs_privileged_open(struct file
__func__);
goto out_unlock;
}
- if (IS_ERR(*req->lower_file)) {
+ if (IS_ERR(*req->lower_file))
rc = PTR_ERR(*req->lower_file);
- dget(lower_dentry);
- mntget(lower_mnt);
- (*lower_file) = dentry_open(lower_dentry, lower_mnt,
- (O_RDONLY | O_LARGEFILE), cred);
- if (IS_ERR(*lower_file)) {
- rc = PTR_ERR(*req->lower_file);
- (*lower_file) = NULL;
- printk(KERN_WARNING "%s: Error attempting privileged "
- "open of lower file with either RW or RO "
- "perms; rc = [%d]. Giving up.\n",
- __func__, rc);
- }
- }
out_unlock:
mutex_unlock(&req->mux);
out_free:
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -129,11 +129,10 @@ int ecryptfs_init_persistent_file(struct
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
rc = ecryptfs_privileged_open(&inode_info->lower_file,
lower_dentry, lower_mnt, cred);
- if (rc || IS_ERR(inode_info->lower_file)) {
+ if (rc) {
printk(KERN_ERR "Error opening lower persistent file "
"for lower_dentry [0x%p] and lower_mnt [0x%p]; "
"rc = [%d]\n", lower_dentry, lower_mnt, rc);
- rc = PTR_ERR(inode_info->lower_file);
inode_info->lower_file = NULL;
}
}
ecryptfs-filename-encryption-only-supports-password-auth-tokens.patch:
crypto.c | 4 ++--
keystore.c | 14 ++++++++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
--- NEW FILE ecryptfs-filename-encryption-only-supports-password-auth-tokens.patch ---
>From df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Date: Fri, 21 Aug 2009 04:27:46 -0500
Subject: eCryptfs: Filename encryption only supports password auth tokens
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
commit df6ad33ba1b9846bd5f0e2b9016c30c20bc2d948 upstream.
Returns -ENOTSUPP when attempting to use filename encryption with
something other than a password authentication token, such as a private
token from openssl. Using filename encryption with a userspace eCryptfs
key module is a future goal. Until then, this patch handles the
situation a little better than simply using a BUG_ON().
Acked-by: Serge Hallyn <serue at us.ibm.com>
Cc: ecryptfs-devel at lists.launchpad.net
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
fs/ecryptfs/crypto.c | 4 ++--
fs/ecryptfs/keystore.c | 14 ++++++++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1703,7 +1703,7 @@ ecryptfs_encrypt_filename(struct ecryptf
} else {
printk(KERN_ERR "%s: No support for requested filename "
"encryption method in this release\n", __func__);
- rc = -ENOTSUPP;
+ rc = -EOPNOTSUPP;
goto out;
}
out:
@@ -2167,7 +2167,7 @@ int ecryptfs_encrypt_and_encode_filename
(*encoded_name)[(*encoded_name_size)] = '\0';
(*encoded_name_size)++;
} else {
- rc = -ENOTSUPP;
+ rc = -EOPNOTSUPP;
}
if (rc) {
printk(KERN_ERR "%s: Error attempting to encode "
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -612,7 +612,12 @@ ecryptfs_write_tag_70_packet(char *dest,
}
/* TODO: Support other key modules than passphrase for
* filename encryption */
- BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
+ if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
+ rc = -EOPNOTSUPP;
+ printk(KERN_INFO "%s: Filename encryption only supports "
+ "password tokens\n", __func__);
+ goto out_free_unlock;
+ }
sg_init_one(
&s->hash_sg,
(u8 *)s->auth_tok->token.password.session_key_encryption_key,
@@ -910,7 +915,12 @@ ecryptfs_parse_tag_70_packet(char **file
}
/* TODO: Support other key modules than passphrase for
* filename encryption */
- BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD);
+ if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) {
+ rc = -EOPNOTSUPP;
+ printk(KERN_INFO "%s: Filename encryption only supports "
+ "password tokens\n", __func__);
+ goto out_free_unlock;
+ }
rc = crypto_blkcipher_setkey(
s->desc.tfm,
s->auth_tok->token.password.session_key_encryption_key,
ecryptfs-handle-unrecognized-tag-3-cipher-codes.patch:
crypto.c | 1 +
keystore.c | 10 +++++++---
2 files changed, 8 insertions(+), 3 deletions(-)
--- NEW FILE ecryptfs-handle-unrecognized-tag-3-cipher-codes.patch ---
>From b0105eaefa7cce8f4a941d0fc6354b250d30e745 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Date: Tue, 11 Aug 2009 00:36:32 -0500
Subject: eCryptfs: Handle unrecognized tag 3 cipher codes
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
commit b0105eaefa7cce8f4a941d0fc6354b250d30e745 upstream.
Returns an error when an unrecognized cipher code is present in a tag 3
packet or an ecryptfs_crypt_stat cannot be initialized. Also sets an
crypt_stat->tfm error pointer to NULL to ensure that it will not be
incorrectly freed in ecryptfs_destroy_crypt_stat().
Acked-by: Serge Hallyn <serue at us.ibm.com>
Cc: ecryptfs-devel at lists.launchpad.net
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
fs/ecryptfs/crypto.c | 1 +
fs/ecryptfs/keystore.c | 10 +++++++---
2 files changed, 8 insertions(+), 3 deletions(-)
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -797,6 +797,7 @@ int ecryptfs_init_crypt_ctx(struct ecryp
kfree(full_alg_name);
if (IS_ERR(crypt_stat->tfm)) {
rc = PTR_ERR(crypt_stat->tfm);
+ crypt_stat->tfm = NULL;
ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
"Error initializing cipher [%s]\n",
crypt_stat->cipher);
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1316,8 +1316,10 @@ parse_tag_3_packet(struct ecryptfs_crypt
rc = -EINVAL;
goto out_free;
}
- ecryptfs_cipher_code_to_string(crypt_stat->cipher,
- (u16)data[(*packet_size)]);
+ rc = ecryptfs_cipher_code_to_string(crypt_stat->cipher,
+ (u16)data[(*packet_size)]);
+ if (rc)
+ goto out_free;
/* A little extra work to differentiate among the AES key
* sizes; see RFC2440 */
switch(data[(*packet_size)++]) {
@@ -1328,7 +1330,9 @@ parse_tag_3_packet(struct ecryptfs_crypt
crypt_stat->key_size =
(*new_auth_tok)->session_key.encrypted_key_size;
}
- ecryptfs_init_crypt_ctx(crypt_stat);
+ rc = ecryptfs_init_crypt_ctx(crypt_stat);
+ if (rc)
+ goto out_free;
if (unlikely(data[(*packet_size)++] != 0x03)) {
printk(KERN_WARNING "Only S2K ID 3 is currently supported\n");
rc = -ENOSYS;
ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch:
inode.c | 2 ++
1 file changed, 2 insertions(+)
--- NEW FILE ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch ---
>From 9c2d2056647790c5034d722bd24e9d913ebca73c Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Date: Tue, 22 Sep 2009 12:52:17 -0500
Subject: eCryptfs: Prevent lower dentry from going negative during unlink
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
commit 9c2d2056647790c5034d722bd24e9d913ebca73c upstream.
When calling vfs_unlink() on the lower dentry, d_delete() turns the
dentry into a negative dentry when the d_count is 1. This eventually
caused a NULL pointer deref when a read() or write() was done and the
negative dentry's d_inode was dereferenced in
ecryptfs_read_update_atime() or ecryptfs_getxattr().
Placing mutt's tmpdir in an eCryptfs mount is what initially triggered
the oops and I was able to reproduce it with the following sequence:
open("/tmp/upper/foo", O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) = 3
link("/tmp/upper/foo", "/tmp/upper/bar") = 0
unlink("/tmp/upper/foo") = 0
open("/tmp/upper/bar", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 4
unlink("/tmp/upper/bar") = 0
write(4, "eCryptfs test\n"..., 14 <unfinished ...>
+++ killed by SIGKILL +++
https://bugs.launchpad.net/ecryptfs/+bug/387073
Reported-by: Loïc Minier <loic.minier at canonical.com>
Cc: Serge Hallyn <serue at us.ibm.com>
Cc: Dave Kleikamp <shaggy at linux.vnet.ibm.com>
Cc: ecryptfs-devel at lists.launchpad.net
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
fs/ecryptfs/inode.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -476,6 +476,7 @@ static int ecryptfs_unlink(struct inode
struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
struct dentry *lower_dir_dentry;
+ dget(lower_dentry);
lower_dir_dentry = lock_parent(lower_dentry);
rc = vfs_unlink(lower_dir_inode, lower_dentry);
if (rc) {
@@ -489,6 +490,7 @@ static int ecryptfs_unlink(struct inode
d_drop(dentry);
out_unlock:
unlock_dir(lower_dir_dentry);
+ dput(lower_dentry);
return rc;
}
ecryptfs-validate-global-auth-tok-keys.patch:
keystore.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- NEW FILE ecryptfs-validate-global-auth-tok-keys.patch ---
>From 3891959846709a19f76628e33478cd85edb0e79f Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Date: Wed, 26 Aug 2009 01:54:56 -0500
Subject: eCryptfs: Validate global auth tok keys
From: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
commit 3891959846709a19f76628e33478cd85edb0e79f upstream.
When searching through the global authentication tokens for a given key
signature, verify that a matching key has not been revoked and has not
expired. This allows the `keyctl revoke` command to be properly used on
keys in use by eCryptfs.
Acked-by: Serge Hallyn <serue at us.ibm.com>
Cc: ecryptfs-devel at lists.launchpad.net
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
fs/ecryptfs/keystore.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -416,7 +416,9 @@ ecryptfs_find_global_auth_tok_for_sig(
&mount_crypt_stat->global_auth_tok_list,
mount_crypt_stat_list) {
if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) {
- (*global_auth_tok) = walker;
+ rc = key_validate(walker->global_auth_tok_key);
+ if (!rc)
+ (*global_auth_tok) = walker;
goto out;
}
}
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1755
retrieving revision 1.1756
diff -u -p -r1.1755 -r1.1756
--- kernel.spec 6 Oct 2009 12:37:23 -0000 1.1755
+++ kernel.spec 7 Oct 2009 10:10:43 -0000 1.1756
@@ -614,6 +614,12 @@ Patch150: linux-2.6.29-sparc-IOC_TYPECHE
Patch160: linux-2.6-execshield.patch
Patch200: linux-2.6-ext4-prealloc-fixes.patch
+# eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908)
+Patch210: ecryptfs-handle-unrecognized-tag-3-cipher-codes.patch
+Patch211: ecryptfs-check-for-o_rdonly-lower-inodes-when-opening-lower-files.patch
+Patch212: ecryptfs-filename-encryption-only-supports-password-auth-tokens.patch
+Patch213: ecryptfs-validate-global-auth-tok-keys.patch
+Patch214: ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch
Patch250: linux-2.6-debug-sizeof-structs.patch
Patch260: linux-2.6-debug-nmi-timeout.patch
@@ -1248,6 +1254,14 @@ ApplyPatch linux-2.6-execshield.patch
# ecryptfs
+# 5 fixes from 2.6.31.2
+ApplyPatch ecryptfs-handle-unrecognized-tag-3-cipher-codes.patch
+ApplyPatch ecryptfs-check-for-o_rdonly-lower-inodes-when-opening-lower-files.patch
+ApplyPatch ecryptfs-filename-encryption-only-supports-password-auth-tokens.patch
+ApplyPatch ecryptfs-validate-global-auth-tok-keys.patch
+# fixes CVE-2009-2908
+ApplyPatch ecryptfs-prevent-lower-dentry-from-going-negative-during-unlink.patch
+
# nfs
# cifs
@@ -2032,6 +2046,9 @@ fi
# and build.
%changelog
+* Wed Oct 07 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-77
+- eCryptfs fixes taken from 2.6.31.2 (fixes CVE-2009-2908)
+
* Tue Oct 06 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-76
- fix race in forcedeth network driver (#526546)
- Previous message (by thread): rpms/gnome-media/F-11 .cvsignore, 1.54, 1.55 gnome-media.spec, 1.175, 1.176 sources, 1.53, 1.54
- Next message (by thread): rpms/procps/devel procps-3.2.8-threads.patch, NONE, 1.1 procps.spec, 1.82, 1.83
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list