[PATCH keys-next] keys: Fix permissions assigned to anonymous session keyrings

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>
Cc: linux-security-module@vger.kernel.org, James Morris <jmorris@namei.org>
Subject: [PATCH keys-next] keys: Fix permissions assigned to anonymous session keyrings
Date: Tue, 27 Aug 2019 19:18:24 +0000	[thread overview]
Message-ID: <20190827191824.259566-1-ebiggers@kernel.org> (raw)
In-Reply-To: <20190814224106.GG101319@gmail.com>

From: Eric Biggers <ebiggers@google.com>

JOIN permission was incorrectly removed from anonymous session keyrings
when the old-style key permissions were translated to an ACL, thus
breaking 'keyctl new_session'.

Fixes: f802f2b3a991 ("keys: Replace uid/gid/perm permissions checking with an ACL")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 security/keys/process_keys.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index aa3bfcadbc6600..519c94f1cc3c2c 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -58,7 +58,7 @@ static struct key_acl session_keyring_acl = {
 	.possessor_viewable = true,
 	.nr_ace	= 2,
 	.aces = {
-		KEY_POSSESSOR_ACE(KEY_ACE__PERMS & ~KEY_ACE_JOIN),
+		KEY_POSSESSOR_ACE(KEY_ACE__PERMS),
 		KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
 	}
 };
-- 
2.23.0.187.g17f5b7556c-goog

WARNING: multiple messages have this Message-ID (diff)

From: Eric Biggers <ebiggers@kernel.org>
To: keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>
Cc: linux-security-module@vger.kernel.org, James Morris <jmorris@namei.org>
Subject: [PATCH keys-next] keys: Fix permissions assigned to anonymous session keyrings
Date: Tue, 27 Aug 2019 12:18:24 -0700	[thread overview]
Message-ID: <20190827191824.259566-1-ebiggers@kernel.org> (raw)
In-Reply-To: <20190814224106.GG101319@gmail.com>

From: Eric Biggers <ebiggers@google.com>

JOIN permission was incorrectly removed from anonymous session keyrings
when the old-style key permissions were translated to an ACL, thus
breaking 'keyctl new_session'.

Fixes: f802f2b3a991 ("keys: Replace uid/gid/perm permissions checking with an ACL")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 security/keys/process_keys.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index aa3bfcadbc6600..519c94f1cc3c2c 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -58,7 +58,7 @@ static struct key_acl session_keyring_acl = {
 	.possessor_viewable = true,
 	.nr_ace	= 2,
 	.aces = {
-		KEY_POSSESSOR_ACE(KEY_ACE__PERMS & ~KEY_ACE_JOIN),
+		KEY_POSSESSOR_ACE(KEY_ACE__PERMS),
 		KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
 	}
 };
-- 
2.23.0.187.g17f5b7556c-goog

next prev parent reply	other threads:[~2019-08-27 19:18 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-23 15:58 [PATCH 0/2] keys: ACLs David Howells
2019-05-23 15:58 ` David Howells
2019-05-23 15:58 ` [PATCH 1/2] KEYS: Replace uid/gid/perm permissions checking with an ACL David Howells
2019-05-23 15:58   ` David Howells
2019-07-10  1:15   ` Eric Biggers
2019-07-10  1:15     ` Eric Biggers
2019-07-10  1:35     ` Eric Biggers
2019-07-10  1:35       ` Eric Biggers
2019-07-30  3:49     ` Eric Biggers
2019-07-30  3:49       ` Eric Biggers
2019-07-31  1:16       ` Eric Biggers
2019-07-31  1:16         ` Eric Biggers
2019-08-07  2:58         ` Eric Biggers
2019-08-07  2:58           ` Eric Biggers
2019-08-14 22:41           ` Eric Biggers
2019-08-14 22:41             ` Eric Biggers
2019-08-27 19:18             ` Eric Biggers [this message]
2019-08-27 19:18               ` [PATCH keys-next] keys: Fix permissions assigned to anonymous session keyrings Eric Biggers
2019-05-23 15:58 ` [PATCH 2/2] KEYS: Provide KEYCTL_GRANT_PERMISSION David Howells
2019-05-23 15:58   ` David Howells
2019-07-09 20:42   ` Eric Biggers
2019-07-09 20:42     ` Eric Biggers

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:aa3bfcadbc660 dfblob:519c94f1cc3c2 dfblob:aa3bfcadbc660
dfblob:519c94f1cc3c2 )
 OR (
bs:"[PATCH keys-next] keys: Fix permissions assigned to anonymous session keyrings" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190827191824.259566-1-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=dhowells@redhat.com \
    --cc=jmorris@namei.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.