iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/security/keys
History
Kevin Coffman dceba99441 keys: check starting keyring as part of search 
Check the starting keyring as part of the search to (a) see if that is what
we're searching for, and (b) to check it is still valid for searching.

The scenario: User in process A does things that cause things to be created in
its process session keyring.  The user then does an su to another user and
starts a new process, B.  The two processes now share the same process session
keyring.

Process B does an NFS access which results in an upcall to gssd.  When gssd
attempts to instantiate the context key (to be linked into the process session
keyring), it is denied access even though it has an authorization key.

The order of calls is:

   keyctl_instantiate_key()
      lookup_user_key()				    (the default: case)
         search_process_keyrings(current)
	    search_process_keyrings(rka->context)   (recursive call)
	       keyring_search_aux()

keyring_search_aux() verifies the keys and keyrings underneath the top-level
keyring it is given, but that top-level keyring is neither fully validated nor
checked to see if it is the thing being searched for.

This patch changes keyring_search_aux() to:
1) do more validation on the top keyring it is given and
2) check whether that top-level keyring is the thing being searched for

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Paul Moore <paul.moore@hp.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Kevin Coffman <kwc@citi.umich.edu>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-29 08:06:16 -07:00
..
compat.c
[PATCH] remove many unneeded #includes of sched.h
2007-02-14 08:09:54 -08:00
internal.h
security: replace remaining __FUNCTION__ occurrences
2008-04-18 20:26:07 +10:00
key.c
Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p)
2008-02-07 08:42:26 -08:00
keyctl.c
keys: increase the payload size when instantiating a key
2008-04-29 08:06:16 -07:00
keyring.c
keys: check starting keyring as part of search
2008-04-29 08:06:16 -07:00
Makefile
[PATCH] Keys: Split key permissions checking into a .c file
2005-10-08 14:53:31 -07:00
permission.c
[PATCH] keys: Permit running process to instantiate keys
2006-01-08 20:13:53 -08:00
proc.c
security/selinux: constify function pointer tables and fields
2008-01-25 11:29:54 +11:00
process_keys.c
Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p)
2008-02-07 08:42:26 -08:00
request_key_auth.c
Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p)
2008-02-07 08:42:26 -08:00
request_key.c
Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p)
2008-02-07 08:42:26 -08:00
user_defined.c
[PATCH] remove many unneeded #includes of sched.h
2007-02-14 08:09:54 -08:00