lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Jun 2020 18:03:36 -0700
From:   Dan Williams <dan.j.williams@...el.com>
To:     David Howells <dhowells@...hat.com>
Cc:     "torvalds@...ux-foundation.org" <torvalds@...ux-foundation.org>,
        "raven@...maw.net" <raven@...maw.net>,
        "kzak@...hat.com" <kzak@...hat.com>,
        "jarkko.sakkinen@...ux.intel.com" <jarkko.sakkinen@...ux.intel.com>,
        "linux-nvdimm@...ts.01.org" <linux-nvdimm@...ts.01.org>,
        "dray@...hat.com" <dray@...hat.com>,
        "swhiteho@...hat.com" <swhiteho@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
        "mszeredi@...hat.com" <mszeredi@...hat.com>,
        "jlayton@...hat.com" <jlayton@...hat.com>,
        "viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
        "andres@...razel.de" <andres@...razel.de>,
        "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
        "christian.brauner@...ntu.com" <christian.brauner@...ntu.com>
Subject: Re: [GIT PULL] General notification queue and key notifications

On Tue, Jun 23, 2020 at 5:55 PM David Howells <dhowells@...hat.com> wrote:
>
> Dan Williams <dan.j.williams@...el.com> wrote:
>
> > > This commit:
> > >
> > > >       keys: Make the KEY_NEED_* perms an enum rather than a mask
> > >
> > > ...upstream as:
> > >
> > >     8c0637e950d6 keys: Make the KEY_NEED_* perms an enum rather than a mask
> > >
> > > ...triggers a regression in the libnvdimm unit test that exercises the
> > > encrypted keys used to store nvdimm passphrases. It results in the
> > > below warning.
> >
> > This regression is still present in tip of tree. David, have you had a
> > chance to take a look?
>
> nvdimm_lookup_user_key() needs to indicate to lookup_user_key() what it wants
> the key for so that the appropriate security checks can take place in SELinux
> and Smack.  Note that I have a patch in the works that changes this still
> further.
>
> Does setting the third argument of lookup_user_key() to KEY_NEED_SEARCH work
> for you?

It does, thanks.

Shall I wait for your further reworks to fix this for v5.8, or is that
v5.9 material?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ