linux/keys at v5.4.280 - linux - Gitea: Git with a cup of tea

IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to Administrator. User accounts are meant only to access repo and report issues and/or generate pull requests. This is a purpose-specific Git hosting for BaseALT projects. Thank you for your understanding!

Только зарегистрированные пользователи имеют доступ к сервису! Для получения аккаунта, обратитесь к администратору.

iv/linux

History

Christian Göttsche 3899c1d158 security: keys: perform capable check only on privileged operations

[ Upstream commit 2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7 ]

If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

2023-09-23 10:59:39 +02:00

..

KEYS: Don't write out to userspace while holding key semaphore

2020-04-23 10:36:45 +02:00

big_key.c

KEYS: Don't write out to userspace while holding key semaphore

2020-04-23 10:36:45 +02:00

compat_dh.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

compat.c

Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"

2019-07-10 18:43:43 -07:00

dh.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

gc.c

Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"

2019-07-10 18:43:43 -07:00

internal.h

mm: add kvfree_sensitive() for freeing sensitive data objects

2020-06-17 16:40:23 +02:00

Kconfig

request_key improvements

2019-07-08 19:19:37 -07:00

key.c

certs: Fix blacklist flag type confusion

2021-03-04 10:26:29 +01:00

keyctl_pkey.c

KEYS: fix length validation in keyctl_pkey_params_get_2()

2022-04-15 14:17:58 +02:00

keyctl.c

security: keys: perform capable check only on privileged operations

2023-09-23 10:59:39 +02:00

keyring.c

KEYS: Don't write out to userspace while holding key semaphore

2020-04-23 10:36:45 +02:00

Makefile

KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2 ]

2018-10-26 09:30:46 +01:00

permission.c

Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"

2019-07-10 18:43:43 -07:00

persistent.c

Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"

2019-07-10 18:43:43 -07:00

proc.c

keys: Fix proc_keys_next to increase position index

2020-04-21 09:04:58 +02:00

process_keys.c

Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"

2019-07-10 18:43:43 -07:00

request_key_auth.c

KEYS: Don't write out to userspace while holding key semaphore

2020-04-23 10:36:45 +02:00

request_key.c

keys: Fix linking a duplicate key to a keyring's assoc_array

2023-08-11 11:53:47 +02:00

sysctl.c

proc/sysctl: add shared variables for range check

2019-07-18 17:08:07 -07:00

trusted.c

KEYS: trusted: Fix migratable=1 failing

2021-03-04 10:26:44 +01:00

user_defined.c

KEYS: Don't write out to userspace while holding key semaphore

2020-04-23 10:36:45 +02:00