mirror of
https://github.com/torvalds/linux.git
synced 2024-12-28 13:51:44 +00:00
KEYS: Don't permit request_key() to construct a new keyring
If request_key() is used to find a keyring, only do the search part - don't do the construction part if the keyring was not found by the search. We don't really want keyrings in the negative instantiated state since the rejected/negative instantiation error value in the payload is unioned with keyring metadata. Now the kernel gives an error: request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted) Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
parent
f05819df10
commit
911b79cde9
@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
|
||||
|
||||
kenter("");
|
||||
|
||||
if (ctx->index_key.type == &key_type_keyring)
|
||||
return ERR_PTR(-EPERM);
|
||||
|
||||
user = key_user_lookup(current_fsuid());
|
||||
if (!user)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
Loading…
Reference in New Issue
Block a user