| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <10809.1205151921@redhat.com> Date: Mon, 10 Mar 2008 12:25:21 +0000 From: David Howells <dhowells@...hat.com> To: Arun Raghavan <arunsr@....iitk.ac.in> Cc: dhowells@...hat.com, linux-kernel@...r.kernel.org, satyam@...radead.org Subject: Re: [PATCH] keyring: Incorrect permissions checking in __keyring_search_one() Arun Raghavan <arunsr@....iitk.ac.in> wrote: > The __keyring_search_one() function currently has 2 issues with regards > to permissions: > > 1. It does not check for KEY_SEARCH on the keyring before performing a > search That is correct. This is used by key_create_or_update() to check to see whether there's a key in the current keyring that it can update rather than adding a new key entirely. key_create_or_update() mustn't be bound by KEY_SEARCH permission, and similarly the target key doesn't require KEY_SEARCH permission either; the control here is whether or not the target key has KEY_WRITE permission. > 2. It accepts a "perm" parameter to check whether a given key in the > keyring may be returned. The "perm" parameter is superfluous given that nothing else now calls this function. David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists