lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120402130705.285e5dc0@corrin.poochiereds.net>
Date:	Mon, 2 Apr 2012 13:07:05 -0400
From:	Jeff Layton <jlayton@...hat.com>
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	David Howells <dhowells@...hat.com>
Cc:	jmorris@...ei.org, linux-security-module@...r.kernel.org,
	keyrings@...ux-nfs.org, linux-kernel@...r.kernel.org
Subject: Re: [Keyrings] [PATCH 2/9] keys: update the description with info
 about "logon" keys

On Wed, 28 Mar 2012 07:28:18 -0400
Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:

> On Wed, 2012-03-28 at 11:46 +0100, David Howells wrote:
> > From: Jeff Layton <jlayton@...hat.com>
> > 
> > Signed-off-by: Jeff Layton <jlayton@...hat.com>
> > Signed-off-by: David Howells <dhowells@...hat.com>
> > ---
> > 
> >  Documentation/security/keys.txt |   15 ++++++++++++++-
> >  1 files changed, 14 insertions(+), 1 deletions(-)
> > 
> > diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
> > index 7877170..4c8cf36 100644
> > --- a/Documentation/security/keys.txt
> > +++ b/Documentation/security/keys.txt
> > @@ -123,7 +123,7 @@ KEY SERVICE OVERVIEW
> > 
> >  The key service provides a number of features besides keys:
> > 
> > - (*) The key service defines two special key types:
> > + (*) The key service defines three special key types:
> > 
> >       (+) "keyring"
> > 
> > @@ -137,6 +137,19 @@ The key service provides a number of features besides keys:
> >  	 blobs of data. These can be created, updated and read by userspace,
> >  	 and aren't intended for use by kernel services.
> > 
> > +     (+) "logon"
> > +
> > +         Like a "user" key, a "logon" key has a payload that is an arbitrary
> > +         blob of data. It is intended as a place to store secrets that the
> > +         to which the kernel should have access but that should not be
> > +         accessable from userspace.
> 
> The last sentence is a bit awkward.  Can we rephrase it a bit?  Maybe
> "which is accessible by the kernel, ..."?
> 
> thanks,
> 
> Mimi
> 

Sorry for the late response. I somehow missed this email a few days
ago. I can reword it to make it a bit clearer. David, should I send a
respin of this patch or a new one on top of this one?

> > +
> > +         The description can be arbitrary, but must be prefixed with a non-zero
> > +         length string that describes the key "subclass". The subclass is
> > +         separated from the rest of the description by a ':'. "logon" keys can
> > +         be created and updated by userspace, but the payload is only readable
> > +         from kernel space.
> > +
> >   (*) Each process subscribes to three keyrings: a thread-specific keyring, a
> >       process-specific keyring, and a session-specific keyring.
> 
> 
> 


-- 
Jeff Layton <jlayton@...hat.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ