From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: keyrings@vger.kernel.org
Subject: Re: [RESEND] security/keys: remove possessor verify after key permission check
Date: Tue, 05 May 2020 13:07:00 +0000 [thread overview]
Message-ID: <20200505130440.GA134046@linux.intel.com> (raw)
In-Reply-To: <20200505091958.GD16980@willie-the-truck>
On Tue, May 05, 2020 at 10:19:59AM +0100, Will Deacon wrote:
> On Thu, Apr 30, 2020 at 10:34:03AM +0300, Alexey Krasikov wrote:
> > In security/keys/keyctl.c: keyctl_read_key() after key_permission() check
> > is called is_key_possessed(). According to the current logic, if the caller is
> > a possessor, then it can read the key regardless of whether it has rights
> > to do so.
> >
> > if I remove the possessor read rights:
> > keyctl_setperm(key, KEY_POS_ALL & (~KEY_POS_SETATTR));
> > the calling process will still be able to read the key if it is possessor.
> >
> > In other words, if the possessor doesn't have read rights, it doesn't matter.
> >
> > ---
> > I may be misunderstanding the logic behind it, but here's the patch to
> > stir the discussion.
> >
> > Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
> > ---
> > security/keys/keyctl.c | 15 +--------------
> > 1 file changed, 1 insertion(+), 14 deletions(-)
>
> Hmm, looks like this still didn't make it to the keyrings@ list :(
>
> On the off-chance that my reply /does/ make it, I've left the whole of the
> patch intact below. Please can somebody have a look?
>
> Will
Hi, I'm on this. Just didn't have time last week. Looking it through
on *some* day this week properly.
/Jarkko
next prev parent reply other threads:[~2020-05-05 13:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-05 9:19 [RESEND] security/keys: remove possessor verify after key permission check Will Deacon
2020-05-05 13:07 ` Jarkko Sakkinen [this message]
2020-05-07 7:24 ` Jarkko Sakkinen
2020-05-13 16:50 ` Jarkko Sakkinen
2020-05-27 19:47 ` Jarkko Sakkinen
2020-05-27 19:58 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200505130440.GA134046@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=keyrings@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.