diff options
author | David Howells <dhowells@redhat.com> | 2019-06-19 18:10:15 +0300 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2019-06-19 18:10:15 +0300 |
commit | 504b69eb3c95180bc59f1ae9096ad4b10bbbf254 (patch) | |
tree | f5d752709a378e608c13e3c517fa57fc49ad2fe9 /Documentation/security | |
parent | 45e0f30c30bb131663fbe1752974d6f2e39611e2 (diff) | |
download | linux-504b69eb3c95180bc59f1ae9096ad4b10bbbf254.tar.xz |
keys: Fix request_key() lack of Link perm check on found key
The request_key() syscall allows a process to gain access to the 'possessor'
permits of any key that grants it Search permission by virtue of request_key()
not checking whether a key it finds grants Link permission to the caller.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r-- | Documentation/security/keys/core.rst | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index 823d29bf44f7..82dd457ff78d 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst @@ -433,6 +433,10 @@ The main syscalls are: /sbin/request-key will be invoked in an attempt to obtain a key. The callout_info string will be passed as an argument to the program. + To link a key into the destination keyring the key must grant link + permission on the key to the caller and the keyring must grant write + permission. + See also Documentation/security/keys/request-key.rst. |