Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 164988 - CAN-2005-2098 Error during attempt to join key management session can leave semaphore pinned
CAN-2005-2098 Error during attempt to join key management session can leave s...
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: David Howells
Brian Brock
: Security
Depends On: 164979
  Show dependency treegraph
Reported: 2005-08-03 06:49 EDT by David Howells
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-29 09:24:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to fix session joining error path (417 bytes, patch)
2005-08-03 06:49 EDT, David Howells
no flags Details | Diff

  None (edit)
Description David Howells 2005-08-03 06:49:07 EDT
+++ This bug was initially created as a clone of Bug #164979 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.0 (like Gecko)

Description of problem:
If a request is made to join a named session keyring, but that keyring does 
not exist, then if the syscall fails to allocate a keyring it'll return an 
error without dropping the semaphore it was holding. 
This can only be encountered in a few ways: ENOMEM, key quota full, empty 
keyring name or keyring name too long; most of which are unlikely, 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. keyctl session "" /bin/true   
2. Any valid keyctl session command 

Actual Results:  Command (2) hangs in the D state. 

Expected Results:  Command (2) should exit with an error or go into the new session as 

Additional info:

Any user can use this command. Whilst the keyctl program could be made to 
validate the argument to prevent accidental incurment, it's still possible to 
suffer from ENOMEM and EDQUOT errors, and it's possible to bypass keyctl 
entirely and invoke the keyctl() system call directly.
Comment 1 David Howells 2005-08-03 06:49:07 EDT
Created attachment 117396 [details]
Patch to fix session joining error path
Comment 2 Mark J. Cox 2005-08-10 07:58:24 EDT
was fixed upstream 20050804
Comment 3 Mark J. Cox 2005-08-29 09:24:06 EDT
         FC3        fixed FEDORA-2005-821 [#164988:CLOSED]
         FC4        fixed FEDORA-2005-820 [#164988:CLOSED]

Note You need to log in before you can comment on or make changes to this bug.