Re: [PATCH] keyring: Incorrect permissions checking in __keyring_search_one()

From: David Howells
Date: Mon Mar 10 2008 - 08:25:45 EST


Arun Raghavan <arunsr@xxxxxxxxxxxxxx> wrote:

> The __keyring_search_one() function currently has 2 issues with regards
> to permissions:
>
> 1. It does not check for KEY_SEARCH on the keyring before performing a
> search

That is correct. This is used by key_create_or_update() to check to see
whether there's a key in the current keyring that it can update rather than
adding a new key entirely. key_create_or_update() mustn't be bound by
KEY_SEARCH permission, and similarly the target key doesn't require KEY_SEARCH
permission either; the control here is whether or not the target key has
KEY_WRITE permission.

> 2. It accepts a "perm" parameter to check whether a given key in the
> keyring may be returned.

The "perm" parameter is superfluous given that nothing else now calls this
function.

David
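
A simplified userspace model of the permission split described in this reply, added here as an illustration; it is not kernel code and not code from the thread. The struct layout, the `m_`-prefixed names, the `M_` bit values, and the KEY_SEARCH-gated `m_search_checked()` shown for contrast are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Model constants and types; hypothetical, not taken from the kernel tree. */
enum { M_KEY_WRITE = 0x04, M_KEY_SEARCH = 0x08, M_MAX = 8 };
enum m_outcome { M_UPDATED, M_CREATED, M_DENIED };
struct m_key { const char *type, *desc; unsigned perm; int payload; };
struct m_keyring { unsigned perm; int n; struct m_key keys[M_MAX]; };

/* Match on type and description only. No KEY_SEARCH check on the keyring
 * or the key, as the reply describes for __keyring_search_one(). */
static struct m_key *m_search_one(struct m_keyring *kr, const char *type,
                                  const char *desc)
{
    for (int i = 0; i < kr->n; i++)
        if (!strcmp(kr->keys[i].type, type) && !strcmp(kr->keys[i].desc, desc))
            return &kr->keys[i];
    return NULL;
}

/* Contrast case (assumed): a caller-facing search gated by KEY_SEARCH. */
static struct m_key *m_search_checked(struct m_keyring *kr, const char *type,
                                      const char *desc)
{
    if (!(kr->perm & M_KEY_SEARCH))
        return NULL;
    struct m_key *k = m_search_one(kr, type, desc);
    return (k && (k->perm & M_KEY_SEARCH)) ? k : NULL;
}

/* Update path: the control is KEY_WRITE on the matched key. */
static enum m_outcome m_create_or_update(struct m_keyring *kr, const char *type,
                                         const char *desc, int payload)
{
    struct m_key *k = m_search_one(kr, type, desc);
    if (k) {
        if (!(k->perm & M_KEY_WRITE))
            return M_DENIED;          /* existing key is not writable */
        k->payload = payload;
        return M_UPDATED;
    }
    if (kr->n == M_MAX)
        return M_DENIED;              /* model keyring is full */
    kr->keys[kr->n++] = (struct m_key){ type, desc,
                                        M_KEY_WRITE | M_KEY_SEARCH, payload };
    return M_CREATED;
}

int main(void)
{
    struct m_keyring kr = { 0, 1, { { "user", "a", M_KEY_WRITE, 1 } } };
    printf("%d\n", m_create_or_update(&kr, "user", "a", 10));
    return 0;
}
```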