Date:	Wed, 20 Jan 2016 13:58:22 -0500
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	David Howells <dhowells@...hat.com>
Cc:	linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
	petkan@...-labs.com, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 01/20] KEYS: Add an alloc flag to convey the
 builtinness of a key [ver #2]

On Tue, 2016-01-19 at 11:30 +0000, David Howells wrote:
> Add KEY_ALLOC_BUILT_IN to convey that a key should have KEY_FLAG_BUILTIN
> set rather than setting it after the fact.
> 
> Signed-off-by: David Howells <dhowells@...hat.com>

Acked-by: Mimi Zohar <zohar@...ux.vnet.ibm.com>

> ---
> 
>  certs/system_keyring.c |    4 ++--
>  include/linux/key.h    |    1 +
>  security/keys/key.c    |    2 ++
>  3 files changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/certs/system_keyring.c b/certs/system_keyring.c
> index 2570598b784d..f4180326c2e1 100644
> --- a/certs/system_keyring.c
> +++ b/certs/system_keyring.c
> @@ -84,12 +84,12 @@ static __init int load_system_certificate_list(void)
>  					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
>  					   KEY_USR_VIEW | KEY_USR_READ),
>  					   KEY_ALLOC_NOT_IN_QUOTA |
> -					   KEY_ALLOC_TRUSTED);
> +					   KEY_ALLOC_TRUSTED |
> +					   KEY_ALLOC_BUILT_IN);
>  		if (IS_ERR(key)) {
>  			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
>  			       PTR_ERR(key));
>  		} else {
> -			set_bit(KEY_FLAG_BUILTIN, &key_ref_to_ptr(key)->flags);
>  			pr_notice("Loaded X.509 cert '%s'\n",
>  				  key_ref_to_ptr(key)->description);
>  			key_ref_put(key);
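
Review bot: with the set_bit(KEY_FLAG_BUILTIN, ...) call removed from the else branch, the built-in marking now depends entirely on the allocation path honouring KEY_ALLOC_BUILT_IN. The old code marked whatever key the call returned. If this call can ever hand back an existing key that it updated rather than one it allocated, that key would no longer be marked built-in. Please confirm this cannot happen in load_system_certificate_list(), and say so in the commit message, which currently gives no reason beyond "rather than setting it after the fact".
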
> diff --git a/include/linux/key.h b/include/linux/key.h
> index 7321ab8ef949..5f5b1129dc92 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -219,6 +219,7 @@ extern struct key *key_alloc(struct key_type *type,
>  #define KEY_ALLOC_QUOTA_OVERRUN	0x0001	/* add to quota, permit even if overrun */
>  #define KEY_ALLOC_NOT_IN_QUOTA	0x0002	/* not in quota */
>  #define KEY_ALLOC_TRUSTED	0x0004	/* Key should be flagged as trusted */
> +#define KEY_ALLOC_BUILT_IN	0x0008	/* Key is built into kernel */
> 
>  extern void key_revoke(struct key *key);
>  extern void key_invalidate(struct key *key);
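
Review bot: the new define is spelled KEY_ALLOC_BUILT_IN while the flag it maps to is KEY_FLAG_BUILTIN, so a grep for one spelling misses the other. Consider naming it KEY_ALLOC_BUILTIN, and have the comment name the resulting flag the way the KEY_ALLOC_TRUSTED line above does ("Key should be flagged as trusted"), since "Key is built into kernel" does not tell a caller what key_alloc() will do with it.
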
> diff --git a/security/keys/key.c b/security/keys/key.c
> index 07a87311055c..48dbfa543bcb 100644
> --- a/security/keys/key.c
> +++ b/security/keys/key.c
> @@ -296,6 +296,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
>  		key->flags |= 1 << KEY_FLAG_IN_QUOTA;
>  	if (flags & KEY_ALLOC_TRUSTED)
>  		key->flags |= 1 << KEY_FLAG_TRUSTED;
> +	if (flags & KEY_ALLOC_BUILT_IN)
> +		key->flags |= 1 << KEY_FLAG_BUILTIN;
> 
>  #ifdef KEY_DEBUGGING
>  	key->magic = KEY_DEBUG_MAGIC;
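
Review bot: the added line "key->flags |= 1 << KEY_FLAG_BUILTIN;" shifts an int constant, while the code removed from certs/system_keyring.c set the same bit with set_bit() on &key->flags, i.e. treated the field as a bitmap. It matches the KEY_ALLOC_TRUSTED line just above, so it is consistent locally, but 1UL << KEY_FLAG_BUILTIN or __set_bit() would not depend on the bit number staying below the width of int. If the current form is kept for consistency, a follow-up that converts all of these tests together would be welcome.
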

