Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-13 15:41:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
237bbd29f7
linux/security/keys
History
Eric Biggers 237bbd29f7 KEYS: prevent creating a different user's keyrings 
It was possible for an unprivileged user to create the user and user
session keyrings for another user.  For example:

    sudo -u '#3000' sh -c 'keyctl add keyring _uid.4000 "" @u
                           keyctl add keyring _uid_ses.4000 "" @u
                           sleep 15' &
    sleep 1
    sudo -u '#4000' keyctl describe @u
    sudo -u '#4000' keyctl describe @us

This is problematic because these "fake" keyrings won't have the right
permissions.  In particular, the user who created them first will own
them and will have full access to them via the possessor permissions,
which can be used to compromise the security of a user's keys:

    -4: alswrv-----v------------  3000     0 keyring: _uid.4000
    -5: alswrv-----v------------  3000     0 keyring: _uid_ses.4000

Fix it by marking user and user session keyrings with a flag
KEY_FLAG_UID_KEYRING.  Then, when searching for a user or user session
keyring by name, skip all keyrings that don't have the flag set.

Fixes: 69664cf16a ("keys: don't generate user and user session keyrings unless they're accessed")
Cc: <stable@vger.kernel.org>	[v2.6.26+]
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2017-09-25 15:19:57 +01:00
..
encrypted-keys There has been a fair amount of activity in the docs tree this time 2017-07-03 21:13:25 -07:00
big_key.c fs: fix kernel_write prototype 2017-09-04 19:05:15 -04:00
compat_dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
compat.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
gc.c KEYS: sanitize key structs before freeing 2017-06-09 13:29:48 +10:00
internal.h KEYS: prevent creating a different user's keyrings 2017-09-25 15:19:57 +01:00
Kconfig KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API 2017-06-09 13:29:50 +10:00
key.c KEYS: prevent creating a different user's keyrings 2017-09-25 15:19:57 +01:00
keyctl.c KEYS: fix key refcount leak in keyctl_read_key() 2017-09-25 15:19:57 +01:00
keyring.c KEYS: prevent creating a different user's keyrings 2017-09-25 15:19:57 +01:00
Makefile KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
permission.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c security, keys: convert key_user.usage from atomic_t to refcount_t 2017-04-03 10:49:06 +10:00
process_keys.c KEYS: prevent creating a different user's keyrings 2017-09-25 15:19:57 +01:00
request_key_auth.c KEYS: don't revoke uninstantiated key in request_key_auth_new() 2017-09-25 15:19:56 +01:00
request_key.c doc: ReSTify keys-request-key.txt 2017-05-18 10:33:51 -06:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c There has been a fair amount of activity in the docs tree this time 2017-07-03 21:13:25 -07:00
trusted.h keys, trusted: move struct trusted_key_options to trusted-type.h 2015-10-19 01:01:21 +02:00
user_defined.c KEYS: user_defined: sanitize key payloads 2017-06-09 13:29:48 +10:00