iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/security/keys
History
Christian Göttsche 2d7f105edb security: keys: perform capable check only on privileged operations 
If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2023-07-28 18:07:41 +00:00
..
encrypted-keys
KEYS: encrypted: fix key instantiation with user-provided data
2022-10-19 13:01:23 -04:00
trusted-keys
security: keys: Modify mismatched function name
2023-07-17 19:40:27 +00:00
big_key.c
big_keys: Use struct for internal payload
2022-05-16 16:02:21 -07:00
compat_dh.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
compat.c
security/keys: remove compat_keyctl_instantiate_key_iov
2020-10-03 00:02:16 -04:00
dh.c
KEYS: DH: Use crypto_wait_req
2023-02-13 18:34:48 +08:00
gc.c
watch_queue: Add a key/keyring notification facility
2020-05-19 15:19:06 +01:00
internal.h
KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define KEY_LOOKUP_ALL
2022-09-21 17:32:48 -07:00
Kconfig
KEYS: trusted: allow use of TEE as backend without TCG_TPM support
2022-05-23 18:47:50 +03:00
key.c
KEYS: Add new function key_create()
2023-02-13 10:11:20 +02:00
keyctl_pkey.c
KEYS: fix length validation in keyctl_pkey_params_get_2()
2022-03-08 10:33:18 +02:00
keyctl.c
security: keys: perform capable check only on privileged operations
2023-07-28 18:07:41 +00:00
keyring.c
security/keys: Remove inconsistent __user annotation
2022-10-05 00:25:56 +03:00
Makefile
KEYS: remove CONFIG_KEYS_COMPAT
2019-12-12 23:41:17 +02:00
permission.c
keys: Make the KEY_NEED_* perms an enum rather than a mask
2020-05-19 15:42:22 +01:00
persistent.c
Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"
2019-07-10 18:43:43 -07:00
proc.c
keys: Fix proc_keys_next to increase position index
2020-04-16 10:10:50 -07:00
process_keys.c
ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring
2021-10-20 10:34:20 -05:00
request_key_auth.c
KEYS: Don't write out to userspace while holding key semaphore
2020-03-29 12:40:41 +01:00
request_key.c
keys: Fix linking a duplicate key to a keyring's assoc_array
2023-07-17 19:32:30 +00:00
sysctl.c
sysctl: move security keys sysctl registration to its own file
2023-06-08 15:42:02 -07:00
user_defined.c
mm, treewide: rename kzfree() to kfree_sensitive()
2020-08-07 11:33:22 -07:00