1. 02 8月, 2010 16 次提交
  2. 31 7月, 2010 1 次提交
  3. 23 7月, 2010 1 次提交
    • D
      CIFS: Fix a malicious redirect problem in the DNS lookup code · 4c0c03ca
      David Howells 提交于
      Fix the security problem in the CIFS filesystem DNS lookup code in which a
      malicious redirect could be installed by a random user by simply adding a
      result record into one of their keyrings with add_key() and then invoking a
      CIFS CFS lookup [CVE-2010-2524].
      
      This is done by creating an internal keyring specifically for the caching of
      DNS lookups.  To enforce the use of this keyring, the module init routine
      creates a set of override credentials with the keyring installed as the thread
      keyring and instructs request_key() to only install lookup result keys in that
      keyring.
      
      The override is then applied around the call to request_key().
      
      This has some additional benefits when a kernel service uses this module to
      request a key:
      
       (1) The result keys are owned by root, not the user that caused the lookup.
      
       (2) The result keys don't pop up in the user's keyrings.
      
       (3) The result keys don't come out of the quota of the user that caused the
           lookup.
      
      The keyring can be viewed as root by doing cat /proc/keys:
      
      2a0ca6c3 I-----     1 perm 1f030000     0     0 keyring   .dns_resolver: 1/4
      
      It can then be listed with 'keyctl list' by root.
      
      	# keyctl list 0x2a0ca6c3
      	1 key in keyring:
      	726766307: --alswrv     0     0 dns_resolver: foo.bar.com
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Reviewed-and-Tested-by: NJeff Layton <jlayton@redhat.com>
      Acked-by: NSteve French <smfrench@gmail.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4c0c03ca
  4. 17 6月, 2010 6 次提交
  5. 12 6月, 2010 2 次提交
  6. 02 6月, 2010 1 次提交
  7. 28 5月, 2010 1 次提交
  8. 18 5月, 2010 3 次提交
  9. 12 5月, 2010 2 次提交
    • S
      [CIFS] drop quota operation stubs · aa3e5572
      Steve French 提交于
      CIFS has stubs for XFS-style quotas without an actual implementation backing
      them, hidden behind a config option not visible in Kconfig.  Remove these
      stubs for now as the quota operations will see some major changes and this
      code simply gets in the way.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Reviewed-by: NJeff Layton <jlayton@samba.org>
      Signed-off-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      aa3e5572
    • J
      cifs: guard against hardlinking directories · 3d694380
      Jeff Layton 提交于
      When we made serverino the default, we trusted that the field sent by the
      server in the "uniqueid" field was actually unique. It turns out that it
      isn't reliably so.
      
      Samba, in particular, will just put the st_ino in the uniqueid field when
      unix extensions are enabled. When a share spans multiple filesystems, it's
      quite possible that there will be collisions. This is a server bug, but
      when the inodes in question are a directory (as is often the case) and
      there is a collision with the root inode of the mount, the result is a
      kernel panic on umount.
      
      Fix this by checking explicitly for directory inodes with the same
      uniqueid. If that is the case, then we can assume that using server inode
      numbers will be a problem and that they should be disabled.
      
      Fixes Samba bugzilla 7407
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      CC: Stable <stable@kernel.org>
      Reviewed-and-Tested-by: NSuresh Jayaraman <sjayaraman@suse.de>
      Signed-off-by: NSteve French <sfrench@us.ibm.com>
      3d694380
  10. 11 5月, 2010 2 次提交
  11. 10 5月, 2010 1 次提交
  12. 06 5月, 2010 3 次提交
  13. 28 4月, 2010 1 次提交