Re: [PATCH] keys: Allow disabling read permissions for key possessor

From: Jarkko Sakkinen
Date: Mon Mar 22 2021 - 22:03:32 EST

Next message: zuoqilin1: "[PATCH] net/smc: Simplify the return expression"
Previous message: Jiapeng Chong: "[PATCH] media: staging: media: Remove redundant NULL check"
In reply to: Eric Biggers: "Re: [PATCH] keys: Allow disabling read permissions for key possessor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 22, 2021 at 12:57:26PM +0300, Andrey Ryabinin wrote:
> keyctl_read_key() has a strange code which allows possessor to read
> key's payload regardless of READ permission status:
>
> $ keyctl add user test test @u
> 196773443
> $ keyctl print 196773443
> test
> $ keyctl describe 196773443
> 196773443: alswrv-----v------------ 1000 1000 user: test
> $ keyctl rdescribe 196773443
> user;1000;1000;3f010000;test
> $ keyctl setperm 196773443 0x3d010000
> $ keyctl describe 196773443
> 196773443: alsw-v-----v------------ 1000 1000 user: test
> $ keyctl print 196773443
> test
>
> The last keyctl print should fail with -EACCESS instead of success.
> Fix this by removing weird possessor checks.
>
> Signed-off-by: Andrey Ryabinin <arbn@xxxxxxxxxxxxxx>

I wrote a new test. If you include a test into a commit please
describe it so that it can be easily executed. Otherwise, it is
somewhat useless.

Anyway,

https://gist.github.com/jarkk0sakkinen/7b417be20cb52ed971a90561192f0883

David, why all of these end up allowing to still print the payload?

/Jarkko

Next message: zuoqilin1: "[PATCH] net/smc: Simplify the return expression"
Previous message: Jiapeng Chong: "[PATCH] media: staging: media: Remove redundant NULL check"
In reply to: Eric Biggers: "Re: [PATCH] keys: Allow disabling read permissions for key possessor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]