From: Greg KH <greg@kroah.com>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@linux-nfs.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] KEYS: Skip key state checks when checking for possession
Date: Tue, 18 Jun 2013 09:55:45 -0700 [thread overview]
Message-ID: <20130618165545.GA29639@kroah.com> (raw)
In-Reply-To: <20130618164722.23443.23372.stgit@warthog.procyon.org.uk>
On Tue, Jun 18, 2013 at 05:47:22PM +0100, David Howells wrote:
> Skip key state checks (invalidation, revocation and expiration) when checking
> for possession. Without this, keys that have been marked invalid, revoked
> keys and expired keys are not given a possession attribute - which means the
> possessor is not granted any possession permits and cannot do anything with
> them unless they also have one a user, group or other permit.
>
> This causes failures in the keyutils test suite's revocation and expiration
> tests now that commit 96b5c8fea6c0861621051290d705ec2e971963f1 reduced the
> initial permissions granted to a key.
>
> The failures are due to accesses to revoked and expired keys being given
> EACCES instead of EKEYREVOKED or EKEYEXPIRED.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
>
> security/keys/internal.h | 1 +
> security/keys/process_keys.c | 8 +++++---
> security/keys/request_key.c | 6 ++++--
> security/keys/request_key_auth.c | 2 +-
> 4 files changed, 11 insertions(+), 6 deletions(-)
>
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read Documentation/stable_kernel_rules.txt
for how to do this properly.
</formletter>
prev parent reply other threads:[~2013-06-18 16:55 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-18 16:47 [PATCH] KEYS: Skip key state checks when checking for possession David Howells
2013-06-18 16:55 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130618165545.GA29639@kroah.com \
--to=greg@kroah.com \
--cc=dhowells@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.