From 62dc45dea42b94edd7bf489587e00ed1d4097133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Fri, 18 Mar 2016 13:38:29 +0000 Subject: main/linux-grsec: upgrade to 4.4.6 --- main/linux-grsec/keys-fixes.patch | 37 ------------------------------------- 1 file changed, 37 deletions(-) delete mode 100644 main/linux-grsec/keys-fixes.patch (limited to 'main/linux-grsec/keys-fixes.patch') diff --git a/main/linux-grsec/keys-fixes.patch b/main/linux-grsec/keys-fixes.patch deleted file mode 100644 index 85bbda7e02..0000000000 --- a/main/linux-grsec/keys-fixes.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 911b79cde95c7da0ec02f48105358a36636b7a71 Mon Sep 17 00:00:00 2001 -From: David Howells -Date: Mon, 19 Oct 2015 11:20:28 +0100 -Subject: KEYS: Don't permit request_key() to construct a new keyring - -If request_key() is used to find a keyring, only do the search part - don't -do the construction part if the keyring was not found by the search. We -don't really want keyrings in the negative instantiated state since the -rejected/negative instantiation error value in the payload is unioned with -keyring metadata. - -Now the kernel gives an error: - - request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted) - -Signed-off-by: David Howells ---- - security/keys/request_key.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/security/keys/request_key.c b/security/keys/request_key.c -index 486ef6f..0d62531 100644 ---- a/security/keys/request_key.c -+++ b/security/keys/request_key.c -@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx, - - kenter(""); - -+ if (ctx->index_key.type == &key_type_keyring) -+ return ERR_PTR(-EPERM); -+ - user = key_user_lookup(current_fsuid()); - if (!user) - return ERR_PTR(-ENOMEM); --- -cgit v0.11.2 - -- cgit v1.2.3