| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Apr 2012 13:07:05 -0400 From: Jeff Layton <jlayton@...hat.com> To: Mimi Zohar <zohar@...ux.vnet.ibm.com>, David Howells <dhowells@...hat.com> Cc: jmorris@...ei.org, linux-security-module@...r.kernel.org, keyrings@...ux-nfs.org, linux-kernel@...r.kernel.org Subject: Re: [Keyrings] [PATCH 2/9] keys: update the description with info about "logon" keys On Wed, 28 Mar 2012 07:28:18 -0400 Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote: > On Wed, 2012-03-28 at 11:46 +0100, David Howells wrote: > > From: Jeff Layton <jlayton@...hat.com> > > > > Signed-off-by: Jeff Layton <jlayton@...hat.com> > > Signed-off-by: David Howells <dhowells@...hat.com> > > --- > > > > Documentation/security/keys.txt | 15 ++++++++++++++- > > 1 files changed, 14 insertions(+), 1 deletions(-) > > > > diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt > > index 7877170..4c8cf36 100644 > > --- a/Documentation/security/keys.txt > > +++ b/Documentation/security/keys.txt > > @@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW > > > > The key service provides a number of features besides keys: > > > > - (*) The key service defines two special key types: > > + (*) The key service defines three special key types: > > > > (+) "keyring" > > > > @@ -137,6 +137,19 @@ The key service provides a number of features besides keys: > > blobs of data. These can be created, updated and read by userspace, > > and aren't intended for use by kernel services. > > > > + (+) "logon" > > + > > + Like a "user" key, a "logon" key has a payload that is an arbitrary > > + blob of data. It is intended as a place to store secrets that the > > + to which the kernel should have access but that should not be > > + accessable from userspace. > > The last sentence is a bit awkward. Can we rephrase it a bit? Maybe > "which is accessible by the kernel, ..."? > > thanks, > > Mimi > Sorry for the late response. I somehow missed this email a few days ago. I can reword it to make it a bit clearer. David, should I send a respin of this patch or a new one on top of this one? > > + > > + The description can be arbitrary, but must be prefixed with a non-zero > > + length string that describes the key "subclass". The subclass is > > + separated from the rest of the description by a ':'. "logon" keys can > > + be created and updated by userspace, but the payload is only readable > > + from kernel space. > > + > > (*) Each process subscribes to three keyrings: a thread-specific keyring, a > > process-specific keyring, and a session-specific keyring. > > > -- Jeff Layton <jlayton@...hat.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists