Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-27 21:33:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
4aa68e07d8
linux/security/keys
History
Eric Biggers 4aa68e07d8 KEYS: restrict /proc/keys by credentials at open time 
When checking for permission to view keys whilst reading from
/proc/keys, we should use the credentials with which the /proc/keys file
was opened.  This is because, in a classic type of exploit, it can be
possible to bypass checks for the *current* credentials by passing the
file descriptor to a suid program.

Following commit 34dbbcdbf6 ("Make file credentials available to the
seqfile interfaces") we can finally fix it.  So let's do it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2017-09-25 15:19:57 +01:00
..
encrypted-keys There has been a fair amount of activity in the docs tree this time 2017-07-03 21:13:25 -07:00
big_key.c fs: fix kernel_write prototype 2017-09-04 19:05:15 -04:00
compat_dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
compat.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
gc.c KEYS: sanitize key structs before freeing 2017-06-09 13:29:48 +10:00
internal.h KEYS: prevent creating a different user's keyrings 2017-09-25 15:19:57 +01:00
Kconfig KEYS: Convert KEYCTL_DH_COMPUTE to use the crypto KPP API 2017-06-09 13:29:50 +10:00
key.c KEYS: reset parent each time before searching key_user_tree 2017-09-25 15:19:57 +01:00
keyctl.c KEYS: prevent KEYCTL_READ on negative key 2017-09-25 15:19:57 +01:00
keyring.c KEYS: prevent creating a different user's keyrings 2017-09-25 15:19:57 +01:00
Makefile KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
permission.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c KEYS: restrict /proc/keys by credentials at open time 2017-09-25 15:19:57 +01:00
process_keys.c KEYS: prevent creating a different user's keyrings 2017-09-25 15:19:57 +01:00
request_key_auth.c KEYS: don't revoke uninstantiated key in request_key_auth_new() 2017-09-25 15:19:56 +01:00
request_key.c doc: ReSTify keys-request-key.txt 2017-05-18 10:33:51 -06:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c There has been a fair amount of activity in the docs tree this time 2017-07-03 21:13:25 -07:00
trusted.h keys, trusted: move struct trusted_key_options to trusted-type.h 2015-10-19 01:01:21 +02:00
user_defined.c KEYS: user_defined: sanitize key payloads 2017-06-09 13:29:48 +10:00